last executing test programs:

12.454643206s ago: executing program 4 (id=2075):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000023c0)={0x348, 0x2e, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x119}, @nested={0x334, 0x11, 0x0, 0x1, [@nested={0x330, 0xcf, 0x0, 0x1, [@nested={0x32b, 0x146, 0x0, 0x1, [@generic="f5ef56146c91147563276660e594de86923b901b9c31b5127825f1868b4db9469c2df41906c1f5ee49", @typed={0x8, 0x124, 0x0, 0x0, @u32=0x7}, @nested={0x1ee, 0x6c, 0x0, 0x1, [@generic="8b82111c59f6", @nested={0x1d0, 0x10f, 0x0, 0x1, [@nested={0x1c9, 0x11b, 0x0, 0x1, [@generic="44e4ba7c0b0ff113b095b181686c69e6901606a6035b241060d1ba9b116c80da82d5b88cc6363112ecfcfe146d3396e45fbbf0a08b22fd28c11b96cceeebb143edb758f38e41e6198a4aac1b4f64403c0297fdc66d55feb17b3a47961e32432008a761d761630abd62e074f1aeda6ad0a673e1e2f1ef46c79d906ae0a1b56a1cb49371c5044e8535c676535532d332e91b4270db1184a76120ede03ed5473adf06033298dbeef6a61dc38f79dcbab66a59547791ab5c867c0e0244d06d7eeb09d3b84e9bad5626f647e62bd3f0", @typed={0x5, 0x6b, 0x0, 0x0, @str='\x00'}, @typed={0xc, 0x105, 0x0, 0x0, @u64=0xfffffffffffffffd}, @typed={0xc1, 0x82, 0x0, 0x0, @binary="9da6d2cfd0d56814fd84a9b4e09bfefb7e71aa6b1338a2f4b0bcf5b7da34e38272c0fb396e8da9fe6bafa86982b217883dc0a99d6f8cc8d02d65ac33bf40d09bc28a90cbe72d692943aa8ec74169b9f54f99da2135cef1a3b948b4bb65653d617abfa325b7ece7ef3a395ab715205e14add6497c4d4ccd9950c466a2121433263671d206265ab7a4afb86bcfc88d39c8da199e34acdfd9f19a20d74af1508d9ef7e25cbdbcb597005c8fd2c532208d87b50f917122d979574773357159"}, @generic="ea8e54f0deb6d4df4fed8cacb160ad53bc0360eeda91dd56", @typed={0x8, 0xb8, 0x0, 0x0, @pid}]}]}, @nested={0x4, 0xef}, @nested={0x4}, @typed={0x4, 0xfe}, @nested={0x4, 0x62}, @nested={0x4, 0x87}]}, @typed={0x8, 0x65, 0x0, 0x0, @pid}, @generic="db89061eb9fbad2bf82b2a9418649da868c869b4397ab66e7f39863979f0bdf348067f0b5606ca8cdcb5b5080280648f010c688d62984d051b094fe343cb1fa22295cdcf66ca2b1cc8152ecb85f43f28d04aa546812ddb957608dc2f3b52e0e98745cc4aa9b20ab28754d0d7c05b9139d8ff8509fbe0d7d56d5710ea94b935782d99259af1a87cf89bcca8f33c9878df0b153753b7ccc2d3d65b5d8e92f7230c8b3b3d434ce7cd2f1e8dbf2cbfca3103a770996f13ed41af6f046964853f276bf8c18987b616eb8c1c752f52389cd54b7a7874ba1d9b4d2612518c8c3c9220ded49fd5ff56d71b5b5569f9421c6d", @typed={0x8, 0xb8, 0x0, 0x0, @u32=0xfffffff8}, @typed={0x8, 0x98, 0x0, 0x0, @fd=r0}]}]}]}]}, 0x348}], 0x1, 0x0, 0x0, 0x84}, 0x300)

11.71687704s ago: executing program 4 (id=2077):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
timer_create(0x3, &(0x7f0000533fa0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0))
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r2 = creat(&(0x7f0000000580)='./file1\x00', 0x0)
r3 = fanotify_init(0xf00, 0x1)
fanotify_mark(r3, 0x105, 0x40009975, r2, 0x0)
fallocate(r1, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0)

9.947670493s ago: executing program 4 (id=2083):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$netlink(0x10, 0x3, 0xf)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xd, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=@newqdisc={0x48, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {0x3}, {}, {0x2, 0x1}}, [@qdisc_kind_options=@q_cbq={{0x8}, {0x1c, 0x2, [@TCA_CBS_PARMS={0x18, 0x1, {0x6, '\x00', 0x8, 0x8000, 0x0, 0x2}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40098}, 0x4000000)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000500)={0x2c, r8, 0x1, 0x1, 0x25dfdbfd, {}, [@ETHTOOL_A_PRIVFLAGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2000000}, 0x8000)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x0, 0x5, 0xfffffffd})
r9 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r10 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r10, &(0x7f0000001fc0)=""/184, 0xb8)
ioctl$HCIINQUIRY(r10, 0x800448f0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r9, 0xc01064b5, 0x0)
ioctl$FS_IOC_FSGETXATTR(r1, 0x801c581f, &(0x7f0000000980)={0x8001, 0x3, 0x9, 0x7, 0x6e64})
write$eventfd(0xffffffffffffffff, &(0x7f0000000200)=0x8000000000000000, 0x8)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
writev(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f0000000080)='-6', 0x2}], 0x1)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c00000015000100000000000000000005000000080001"], 0x1c}}, 0x0)
ioctl$KDSKBSENT(0xffffffffffffffff, 0x4b49, &(0x7f0000000680)={0x0, "0f79472bef96a48f2984cc086a5b430c8e3ca2195676a7fe73ae8bf9e734c84b162bef2b2e0c5c7f8760d0820850cf38f53f74df84386d08ae848850b78fb53ddf4575494c77888dc484bd91d2c0ab3669c307e1f92b93b5ae3096aa709a5c6bba9179a0f86da64ddad8694fb4d66986c0663ad50e1a17d9d61289a2fd34d020ceb0ebb62df3db6572c1819ac85c332024bbcc8ab4116dd01f834d2756dacc0e95dbec8374d0d97c1967ed3abaa7db697490f48c8f4bec0cb60801da01cf243d1c995845689b38f5091d280d66c947932ca787682d56633a2d772f89bfc3b21e28f01af786ecf7c1078deaaa8415a68e2d05f4fb7582a032ed7d87f3ae9745870be1b675f54ab99a3259d1a988197ba630521cf721f390bbc75b0d046b1576173461337c93fa3aa53c0b328bdf0f006ef18e46f1b544a97f321ac1a860b43dcbbb0e96c985d6d211a18caf0f86c718159630c5aba45a23523216326f31874fd54f846684bccc27e5019b285e0caaa7f85cdd18fd0104f9d3bb2dc8ca60f09305c87791fd0901b5744b080f20077e1965448ca66ccd6efa34855d49a680862e347efbcbea638cbfb382c122279ea1ce8af77a321e3bc559d0b1d84c988bab4f0cc4d3d60425538c2cbb8b06587c4086337efdf348795a40312c5f01d1ee87c0b6bd21cacc46f6a08921f7bd9de79fd0b8660ebfc970becf49ef9d1e1971f19fa5"})

8.784256229s ago: executing program 1 (id=2086):
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x248)
close(r0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

8.74038413s ago: executing program 0 (id=2087):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x20000045)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000005580)=""/102392, 0x18ff8)
sendmsg$nl_route_sched(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000001e580)=@newtaction={0x14, 0x1e, 0x109}, 0x14}, 0x1, 0x2b1e}, 0x0)
dup(0xffffffffffffffff)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000080)={{0x0, 0x1, 0x0, 0x1, 0x3}})
process_madvise(0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_START(r2, 0x54a0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_STOP(r2, 0x54a1)
ioctl$SNDCTL_DSP_GETOSPACE(0xffffffffffffffff, 0x8010500c, &(0x7f0000000040))
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4)
add_key(0x0, 0x0, &(0x7f0000000100), 0x0, 0xffffffffffffffff)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000001280), 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000080))
r5 = accept$alg(r3, 0x0, 0x0)
sendmmsg$alg(r5, &(0x7f0000001900)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000000c0)="5bdbd57a0e656889964df9937f561de9b944d1e381fed329742e239cb13cf2af711d48", 0x23}], 0x1, &(0x7f00000006c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x2}], 0x1, 0x0)
r6 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000))
lseek(r6, 0x3, 0x3)

8.21467622s ago: executing program 1 (id=2090):
syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = fsopen(&(0x7f0000000380)='udf\x00', 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
ioctl$vim2m_VIDIOC_G_FMT(r2, 0xc0d05604, &(0x7f0000000240)={0x1, @sdr={0x34325258, 0xb}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000580)={0x458, 0x7d, 0x3, {{0x500, 0x317, 0x4000, 0x0, {0x0, 0x0, 0x8}, 0xa0780000, 0x9, 0x0, 0x8, 0x1b, '\x04nodev{evoo~%9\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x260, 'u\xaf\xf5@\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1e\xe1,\xeaHY|fFF\xc9\xa7\x0f>I%3q\xc0B8wE\x8c\xe9C\xc5\xef\x03\xb9\x14e\x1f\xa3\xb8OAik\x90\x14\x16#\xd7\xc1CD\x190\xdf\xf2V\xf6\xe8\xd4\x83]\x9b;\xa5\xa7tKP\xbe \x96x7\x83&\x18OJ\xc3\xe0\xc3h\x1b\xb9Pu\xf3\x84}+s,\xd9\xbd\x96\xfb\x98M\x84\xe6\x9b\xa9\x92\'\x93\xd2c\x84\x86\xd6x\x0e\v\x85#e\xf08\xb0\f\x11\xc5\xd4Y\bC\xbcr\xa5\x9f\xa4\xa3s\x12\x9e28*\x15\xcfl\x88W\t\xfa\x1asD\x8d\x94\xde\x89e\x1e\xc2\x8c;\xdc\xc3\xd3\xb9Y\xbd~\xd0q\xabZ[\xe0\xfa)\x1c\xf1\x15\xab\xf0\x84\xc7\xbd\xfa\x15\f\xb8\xe4\xaa\xe2\xce\xbf\x98{\"H\x80kE\x9bZ_\xddZ\xa5\xbb\x90\xa5~\xe1\xf4\xe3TK\xd6\xd1\xb4\xca\x13yus\x80\x80\xc4hgJks\xa3\xdf(%n\a\x003!,\'{\x1d\xc1u\x81\xf4\xc6\xdd\xde\xf3\xaa\xe3\xadm\xca\xed\xf4\xf6\x7f\xdd7\x94\x83/\x89M\x10l\x9e\x8d\xfc\xd2c\xcc\t\xc0\\\x15\xe6\xc4\xbf\xb0\xdfmZ\xd6\a\xee\a\x05\xea\xcc\x8a \xaa\xfe\xfc\"\x88_\xb6\x1e\xf5{\xc8\f0T\x02t`\xf6G\xd1#\xd4\x8a_\xfcg8\xab\xe1\xc9@\t\x96xE-\xca\\\xc1v\xb6\xb6m\xcaV^\xe7\x83%\xb9!dn\xa0\xd8`\x0f\x1e/}\xfc\xd0`\xd4\xb7\xfe\xf2\xe0\xcd\xd3t^\x90\x9a\x14\xaa\x03W\x03\xe8m\xd9[<\x82O>{$\xfb(\x7f\xe8\xb3\xe3\x19w2\xf2c\x8a\xec\x8do\xa5\x9d\xa7\xc1D\xb3\xa1$[+5!\n\x0el:\xb2\x1e\xea#\xa4\xde#\xf2q\x8a\b\"\x8f\x12d\x8a\xf5\xb2\x9f\x91\xdb\"~z\xfa\x03M\xf1<_\xbf\x10k\x97\xa3\x00$\x84\xb4\xab\xbfqh\xc32\x183\xfe\xe63\x99\xad\x1e\xbb}\xd0{\xd7t\x8c\x83\x87\xf6\xd5\x04\xbf\xb9\x88,\x92\x8bA\x95\xba\xf7\xb85\xaap\x06\xe4\xb3\xd8\xb7Q\xec\xe4\x1f\xc8\x18\xbc^\xee\xe6\x972\xe2\x12\x91C\x00<,\x894\xb2\x04\x05\x04\xf7[y\n\xbf5\\Ag\xe5\xd8\xed?KF\xb6\'\xf0\xbb\x80:9\x00'/608, 0x14, '\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e<]\xb4Z', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x458)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r6, 0x0, 0x80, &(0x7f0000001d80)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000c0], 0x11, 0x0, &(0x7f00000000c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}]}, 0x108)
getresuid(0x0, 0x0, 0x0)
setuid(0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000040)={0x24, r8, 0x300, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xffffffe0}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x801)
sendmsg$NL80211_CMD_SET_COALESCE(r7, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r8, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r9}, @void}}}, 0x28}}, 0x0)

7.328266394s ago: executing program 2 (id=2091):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x4000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r5=>0x0)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e23, @remote}, 0x10)
sendto$inet(r6, 0x0, 0x0, 0x22048854, &(0x7f0000000200)={0x2, 0x4e23, @empty}, 0x10)
sendto$inet(r6, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03859bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b037511bf74", 0x49, 0x11, 0x0, 0x0)
r7 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r8=>0x0})
bind$can_j1939(r7, &(0x7f00000000c0)={0x1d, r8, 0x8000000000000003, {}, 0xfd}, 0x18)
sendmsg$nl_route_sched(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000640)=@deltaction={0x14, 0x31, 0x200, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x400c044}, 0x480c5)
close(r7)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r5, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0)
mincore(&(0x7f0000ffb000/0x2000)=nil, 0x2000, &(0x7f0000000080)=""/45)
openat$userio(0xffffffffffffff9c, 0x0, 0x22242, 0x0)
r9 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r10 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r10, @ANYBLOB="2c7766646e6f3db720fbc1a0", @ANYRESHEX=r9, @ANYBLOB=',\x00'])
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b"])

7.229040752s ago: executing program 3 (id=2092):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0)
syz_clone3(&(0x7f0000000340)={0x801400, &(0x7f0000000040), 0x0, 0x0, {0x19}, 0x0, 0x0, 0x0, 0x0}, 0x40)
r0 = socket$inet6(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='iso9660\x00', 0x208000, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000340)=@ethtool_regs={0x7}})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket(0x1d, 0x2, 0x6)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vcan0\x00'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

7.112835043s ago: executing program 0 (id=2093):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000200)={0x2020}, 0x2020)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
getgroups(0x2, &(0x7f0000000180)=[0xffffffffffffffff, 0xee00])
ioctl$TIOCGPTPEER(r0, 0x5441, 0x0)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r1 = socket$alg(0x26, 0x5, 0x0)
fsopen(&(0x7f00000029c0)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000002380)='u\\d\x89%a}[(\v\xd8\xe6_\x1f\xf7&\xae\xb8\xbc\xbd\xacZ\xdf\x1cr\xb9\x81\xe8\xb8\x81\x8e\x91G\xf0;I\xbc \xfap\x13\xe2\xb1\x85\x93\x95\x89j\xd3\'\xe5\xc0]PO\x1bw\xbf\xb3\xe4\x95k\xbcn\xd6\x84\x02\xa7\xe8\xbd~B>;\xad\x90\xad:\xc4S\xc0\x03\xb8\xe3\x8ec\t\xa3\x86\xfd\x8cg\x83K\xbe\xf1\xb0@\xf1$\x05\xfe=\x80\x9b\xbcY\xbcS\xff\xfc1\xff\xa4\x19\xd3\x88F\xb7A\xba:\xdc\x1fd\xcf?b\xc7\xd4\xbe\x1a\x9d\xfe\xc9\xfd^u\x85\xd5\xc8\xd7\xad>+`\xc7\x8c\xce^\xa6\xc5peq\x89kN\xf1\xebL\xcd}=\x85\xdd\xf8\xe5D\b\xae\xbde\x8a!\xf1\xe2\xf16\x18\xdd\xf4\x9a-\xd3iR\x8d6\xe8\x85\xe4\xdd\xde~m\\\x06\xc8\x11#n\xb0\x8c\xa4\xcc\x0f\xfe)\r\xad19\x92\xc7FT\x97\xf4\xfa7\xfbn\x1b\x1a\xe3\x13oSd\x00\x19\xea\xff\x90\x9fA,$$L\xbc\x12\xd1!\xa9^\xdf\x19\xd9\xca\b\xd5sDP\x8c\xa4\xae\x96\xe8:5\xbc\xa4\x9byIg\x1d\v\x1f;y\xbdumX\xebG\xb4\'\\\xbag\x92=\x94\x8f2$j?\x16\x1c\xba\x9a\xa2\xdci\xe4;\xfd\xa8<\x0fi\n\x1d\xf2\xb2?D\xb2av\x14\x14\xb9\xefm\xa7_]T\x98\x02w\xc7\x94HmN\xdb\xe9\xbc\x88Pe\x8d0\xb1\xd9\xd1\xd5\xc3\xb8Pl\x17X\x18\x1c\x8a\xdd\x8d\"*\f\xdf\xdf}\x1d\xc2(\xc55\x18E\xdf\xb3\xb3\x1a\xcf\xb5\xa8', &(0x7f0000002240)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\xf1\xff$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8DdwU\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94U\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\x00\x10\xf8\xff=\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\xafL\x1e\xe6\x00\n\xa72\xa3\xef^\xe7\x8f\x00\x00\x00\x00\x00\x00\x00\x00', 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2800000011143dcf0000000000000000080001000000000008004b0028"], 0x28}}, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be5216344841", 0xe}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e", 0x97}], 0x2, &(0x7f0000000000)=[@assoc={0x18, 0x117, 0x4, 0x54}, @op={0x18, 0x117, 0x3, 0x34935b8b8683df5c}], 0x30, 0x800}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000740)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0)
msync(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x4)

6.523283829s ago: executing program 1 (id=2094):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x20000045)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000005580)=""/102392, 0x18ff8)
sendmsg$nl_route_sched(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000001e580)=@newtaction={0x14, 0x1e, 0x109}, 0x14}, 0x1, 0x2b1e}, 0x0)
dup(0xffffffffffffffff)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000080)={{0x0, 0x1, 0x0, 0x1, 0x3}})
process_madvise(0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_START(r2, 0x54a0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_STOP(r2, 0x54a1)
ioctl$SNDCTL_DSP_GETOSPACE(0xffffffffffffffff, 0x8010500c, &(0x7f0000000040))
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4)
add_key(0x0, 0x0, &(0x7f0000000100), 0x0, 0xffffffffffffffff)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000001280), 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000080))
r5 = accept$alg(r3, 0x0, 0x0)
sendmmsg$alg(r5, &(0x7f0000001900)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000000c0)="5bdbd57a0e656889964df9937f561de9b944d1e381fed329742e239cb13cf2af711d48", 0x23}], 0x1, &(0x7f00000006c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x2}], 0x1, 0x0)
r6 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000))
lseek(r6, 0x3, 0x3)

5.646328063s ago: executing program 3 (id=2095):
r0 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0xa200, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x67, &(0x7f0000000140)={@random="9d3e485beb27", @random="78a4e8c9ab61", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "727893", 0x31, 0x3a, 0x0, @private1, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0xadd, {0x0, 0x6, "6b329f", 0x0, 0x3a, 0x0, @private2, @local, [], 'l'}}}}}}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x80, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x48000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xfffffffffffffffb}, 0x18)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0x7005, 0x0)
readv(r0, &(0x7f0000000000)=[{0x0, 0x46}], 0x1)

5.594255302s ago: executing program 0 (id=2096):
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000000600)=""/102400, 0x19000)
write$vhost_msg_v2(r2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x16, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b40000000000000071115300000000008510000002000000850000008800000095000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x70)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl(r4, 0x8b2c, 0x0)
r5 = syz_open_dev$vim2m(0x0, 0x0, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b0000000000"], 0x48)
socket$nl_rdma(0x10, 0x3, 0x14)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18020000ff0f000000000000fcffffff8500000029000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000170000009500000000000000665fd83b48c2a9780af56d92d1237b83191c1d246c0bdab11291760ca9d322b85ebe73fb9fffcb03bcc3ce3400cb6cde085be331997f6bf716264af1783f8d2b910bd34cba495352b0"], &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41000, 0x48, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r6, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9e654d387dbe9abc8ac6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000762f0018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000440)='ext4_sync_fs\x00', r7, 0x0, 0xc}, 0x18)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)

5.592877071s ago: executing program 2 (id=2097):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socket$kcm(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000400)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$read(0x16, 0x0, &(0x7f0000000240)=""/112, 0x349b7f55)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$nfc_llcp(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000580)={{{@in6=@empty, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4e22, 0x4, 0x4e20, 0x0, 0x2, 0x0, 0x0, 0x2c}, {0x2c5f00000000, 0x9, 0xe2, 0x9, 0x3, 0x9, 0x4, 0x2}, {0x8, 0x0, 0x8, 0x2}, 0xf, 0x6e6bc0, 0x0, 0x1, 0x2, 0x3}, {{@in=@empty, 0x4d6, 0x3c}, 0xa, @in6=@loopback, 0x3505, 0x3, 0x2, 0xfb, 0x8000, 0xfffffbb8}}, 0xe8)
ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f0000000040)={0x0, 0x2, 0xad8})
r4 = openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x8002)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x3c1, 0x3, 0x2f8, 0x118, 0xc8, 0x8, 0x0, 0x5803, 0x228, 0x2e8, 0x2e8, 0x228, 0x2e8, 0x3, 0x0, {[{{@ipv6={@mcast2, @private0, [0xffffffff, 0xffffff00, 0xff, 0xff], [0xff, 0xff, 0x0, 0xff000000], 'wlan0\x00', 'syzkaller1\x00', {}, {0xff}, 0x32, 0x3, 0x3, 0x4}, 0x0, 0xd8, 0x118, 0x0, {0x0, 0x2000000000000}, [@common=@inet=@esp={{0x30}, {[0x4d4, 0x4d3], 0x1}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x81, 0xff, {0x4}}}}, {{@uncond, 0x0, 0xd8, 0x110, 0x0, {}, [@common=@frag={{0x30}, {[0x6, 0x4], 0x81, 0x32, 0x1}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x3, 0x1}, {0x1, 0x4, 0x4}, {0x0, 0x3, 0x1}, 0x4, 0x101}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x358)
write$binfmt_aout(r4, &(0x7f0000000380)=ANY=[@ANYBLOB], 0xc8)
dup3(r4, 0xffffffffffffffff, 0x0)
sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="380000090000000800000000000000429f60c28d0ed6a2117a3ddfd05d048008000140000000020c00048008000140000000810900010073797a3100000000"], 0x38}, 0x1, 0x0, 0x0, 0x40010}, 0x1)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000940)=ANY=[@ANYBLOB="680000001000030500f0e66f15000000000000009c53e0938f6e313501917d4692a55fff26e588b563fead77cba19647380b25d4d10b63892d19092840c0d19697c7fac0906623a5c7430afa8267a42037acb36f92eed32614177fb8feeb45fb190231ce1475f300d98d34a7e6840f8fb221191508e6811b6250e1847e21a53e641db849a4d56431dcf9289163c7d244d471ca6664ae8507979b642fe8d89158bf23f7425673ea53ce7626deb11eb42525babdb2a4d3dc289d6fcabe8918365cc39769aca4b77fcf455c158e70402210fd93ad7185ae8d38a5aff7f69a346f75f4e89294ffddee592948a49ab0283b6a9d9c41f7d20568b56a5222001c852e212f9d8b17bbee4f49cc97a2dc44f0e05cafc46a215fa1c7ee542c237bad8f882dde98b583315f58b475", @ANYRES32=0x0, @ANYRES32], 0x68}, 0x1, 0x0, 0x0, 0x4010}, 0x0)

4.453415686s ago: executing program 2 (id=2098):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1e, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="cf0425bd7000fedbdf251200000008000300", @ANYRES32, @ANYBLOB="0ab10ad1ce182c99fa47"], 0x30}}, 0x0)
syz_genetlink_get_family_id$smc(&(0x7f00000000c0), r3)
syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff)

4.383645205s ago: executing program 1 (id=2099):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000580)=0x2)
sched_setaffinity(0x0, 0xfffffffffffffdc5, &(0x7f00000002c0)=0x800002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f00000292c0)=""/102400, 0x19000)
getpriority(0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={<r4=>0xffffffffffffffff}, 0x13f, 0x1}}, 0x20)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00'})
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000000)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000080), r4, 0x0, 0x3, 0x1}}, 0x20)
r6 = accept4(r2, 0x0, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, 0x0)
sendmsg$nl_route_sched_retired(r6, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
recvmmsg(r6, 0x0, 0x0, 0x2023, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/12], 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000190a01"], 0x20}}, 0x8004)
syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x4a8500)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18"], 0x0, 0x7de, 0x0, 0x0, 0x0, 0x1a}, 0x94)
r7 = socket(0x200000000000011, 0x2, 0xd)
bind$packet(r7, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r8, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r8, 0x4008af03, 0x0)

4.341461441s ago: executing program 4 (id=2100):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, 0xffffffffffffffff, 0x0)
sendmsg$IPSET_CMD_RENAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x3c, 0x5, 0x6, 0x101, 0x0, 0x0, {0xa, 0x0, 0x1}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20048045}, 0x4)

3.870679388s ago: executing program 0 (id=2101):
syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = fsopen(&(0x7f0000000380)='udf\x00', 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
ioctl$vim2m_VIDIOC_G_FMT(r2, 0xc0d05604, &(0x7f0000000240)={0x1, @sdr={0x34325258, 0xb}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000580)={0x458, 0x7d, 0x3, {{0x500, 0x317, 0x4000, 0x0, {0x0, 0x0, 0x8}, 0xa0780000, 0x9, 0x0, 0x8, 0x1b, '\x04nodev{evoo~%9\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x260, 'u\xaf\xf5@\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1e\xe1,\xeaHY|fFF\xc9\xa7\x0f>I%3q\xc0B8wE\x8c\xe9C\xc5\xef\x03\xb9\x14e\x1f\xa3\xb8OAik\x90\x14\x16#\xd7\xc1CD\x190\xdf\xf2V\xf6\xe8\xd4\x83]\x9b;\xa5\xa7tKP\xbe \x96x7\x83&\x18OJ\xc3\xe0\xc3h\x1b\xb9Pu\xf3\x84}+s,\xd9\xbd\x96\xfb\x98M\x84\xe6\x9b\xa9\x92\'\x93\xd2c\x84\x86\xd6x\x0e\v\x85#e\xf08\xb0\f\x11\xc5\xd4Y\bC\xbcr\xa5\x9f\xa4\xa3s\x12\x9e28*\x15\xcfl\x88W\t\xfa\x1asD\x8d\x94\xde\x89e\x1e\xc2\x8c;\xdc\xc3\xd3\xb9Y\xbd~\xd0q\xabZ[\xe0\xfa)\x1c\xf1\x15\xab\xf0\x84\xc7\xbd\xfa\x15\f\xb8\xe4\xaa\xe2\xce\xbf\x98{\"H\x80kE\x9bZ_\xddZ\xa5\xbb\x90\xa5~\xe1\xf4\xe3TK\xd6\xd1\xb4\xca\x13yus\x80\x80\xc4hgJks\xa3\xdf(%n\a\x003!,\'{\x1d\xc1u\x81\xf4\xc6\xdd\xde\xf3\xaa\xe3\xadm\xca\xed\xf4\xf6\x7f\xdd7\x94\x83/\x89M\x10l\x9e\x8d\xfc\xd2c\xcc\t\xc0\\\x15\xe6\xc4\xbf\xb0\xdfmZ\xd6\a\xee\a\x05\xea\xcc\x8a \xaa\xfe\xfc\"\x88_\xb6\x1e\xf5{\xc8\f0T\x02t`\xf6G\xd1#\xd4\x8a_\xfcg8\xab\xe1\xc9@\t\x96xE-\xca\\\xc1v\xb6\xb6m\xcaV^\xe7\x83%\xb9!dn\xa0\xd8`\x0f\x1e/}\xfc\xd0`\xd4\xb7\xfe\xf2\xe0\xcd\xd3t^\x90\x9a\x14\xaa\x03W\x03\xe8m\xd9[<\x82O>{$\xfb(\x7f\xe8\xb3\xe3\x19w2\xf2c\x8a\xec\x8do\xa5\x9d\xa7\xc1D\xb3\xa1$[+5!\n\x0el:\xb2\x1e\xea#\xa4\xde#\xf2q\x8a\b\"\x8f\x12d\x8a\xf5\xb2\x9f\x91\xdb\"~z\xfa\x03M\xf1<_\xbf\x10k\x97\xa3\x00$\x84\xb4\xab\xbfqh\xc32\x183\xfe\xe63\x99\xad\x1e\xbb}\xd0{\xd7t\x8c\x83\x87\xf6\xd5\x04\xbf\xb9\x88,\x92\x8bA\x95\xba\xf7\xb85\xaap\x06\xe4\xb3\xd8\xb7Q\xec\xe4\x1f\xc8\x18\xbc^\xee\xe6\x972\xe2\x12\x91C\x00<,\x894\xb2\x04\x05\x04\xf7[y\n\xbf5\\Ag\xe5\xd8\xed?KF\xb6\'\xf0\xbb\x80:9\x00'/608, 0x14, '\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e<]\xb4Z', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x458)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r6, 0x0, 0x80, &(0x7f0000001d80)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000c0], 0x11, 0x0, &(0x7f00000000c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}]}, 0x108)
getresuid(0x0, 0x0, 0x0)
setuid(0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000480)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_WIPHY(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000040)={0x24, r8, 0x300, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xffffffe0}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x801)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)

3.868949716s ago: executing program 2 (id=2102):
openat$tun(0xffffffffffffff9c, 0x0, 0x658b00, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = syz_io_uring_setup(0x223d, &(0x7f0000000100)={0x0, 0x57d9, 0x100, 0x0, 0x1cd}, &(0x7f0000000040), &(0x7f00000001c0))
io_uring_register$IORING_REGISTER_NAPI(r0, 0x1b, &(0x7f0000000000)={0xffff, 0x6}, 0xf4240)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1)
sched_setaffinity(0x0, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_REWIND(0xffffffffffffffff, 0xc0844123, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r2 = getpgrp(0x0)
capget(&(0x7f0000000000)={0x20080522, r2}, &(0x7f0000000040)={0x0, 0x8, 0x9fd7, 0xfff, 0x8, 0x4e})
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ptrace$setregset(0x4205, r2, 0x202, &(0x7f0000000180)={&(0x7f0000000080)="1611be07778b7547a7465ba3d42dbdde35240ae39b2606b439634478c4f82cdcdfff72a94acdccb142705082b4e2d57ebd8f95cc12da0a35259cab7e98149d7879c6409e9fac77c5f4ef98c3761361348ea02377b816dcdb6327911908180bb8", 0x60})
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000023c0)={0x34c, 0x2e, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x119}, @nested={0x338, 0x11, 0x0, 0x1, [@nested={0x334, 0xcf, 0x0, 0x1, [@nested={0x32f, 0x146, 0x0, 0x1, [@generic="f5ef56146c91147563276660e594de86923b901b9c31b5127825f1868b4db9469c2df41906c1f5ee49", @typed={0x8, 0x124, 0x0, 0x0, @u32=0x7}, @nested={0x1f2, 0x6c, 0x0, 0x1, [@generic="8b82111c59f6", @nested={0x1d0, 0x10f, 0x0, 0x1, [@nested={0x1c9, 0x11b, 0x0, 0x1, [@generic="44e4ba7c0b0ff113b095b181686c69e6901606a6035b241060d1ba9b116c80da82d5b88cc6363112ecfcfe146d3396e45fbbf0a08b22fd28c11b96cceeebb143edb758f38e41e6198a4aac1b4f64403c0297fdc66d55feb17b3a47961e32432008a761d761630abd62e074f1aeda6ad0a673e1e2f1ef46c79d906ae0a1b56a1cb49371c5044e8535c676535532d332e91b4270db1184a76120ede03ed5473adf06033298dbeef6a61dc38f79dcbab66a59547791ab5c867c0e0244d06d7eeb09d3b84e9bad5626f647e62bd3f0", @typed={0x5, 0x6b, 0x0, 0x0, @str='\x00'}, @typed={0xc, 0x105, 0x0, 0x0, @u64=0xfffffffffffffffd}, @typed={0xc1, 0x82, 0x0, 0x0, @binary="9da6d2cfd0d56814fd84a9b4e09bfefb7e71aa6b1338a2f4b0bcf5b7da34e38272c0fb396e8da9fe6bafa86982b217883dc0a99d6f8cc8d02d65ac33bf40d09bc28a90cbe72d692943aa8ec74169b9f54f99da2135cef1a3b948b4bb65653d617abfa325b7ece7ef3a395ab715205e14add6497c4d4ccd9950c466a2121433263671d206265ab7a4afb86bcfc88d39c8da199e34acdfd9f19a20d74af1508d9ef7e25cbdbcb597005c8fd2c532208d87b50f917122d979574773357159"}, @generic="ea8e54f0deb6d4df4fed8cacb160ad53bc0360eeda91dd56", @typed={0x8, 0xb8, 0x0, 0x0, @pid}]}]}, @nested={0x4, 0xef}, @nested={0x4}, @typed={0x4, 0xfe}, @nested={0x4, 0x62}, @nested={0x4, 0x87}, @nested={0x4, 0x76}]}, @typed={0x5e, 0x65, 0x0, 0x0, @pid}, @generic="db89061eb9fbad2bf82b2a9418649da868c869b4397ab66e7f39863979f0bdf348067f0b5606ca8cdcb5b5080280648f010c688d62984d051b094fe343cb1fa22295cdcf66ca2b1cc8152ecb85f43f28d04aa546812ddb957608dc2f3b52e0e98745cc4aa9b20ab28754d0d7c05b9139d8ff8509fbe0d7d56d5710ea94b935782d99259af1a87cf89bcca8f33c9878df0b153753b7ccc2d3d65b5d8e92f7230c8b3b3d434ce7cd2f1e8dbf2cbfca3103a770996f13ed41af6f046964853f276bf8c18987b616eb8c1c752f52389cd54b7a7874ba1d9b4d2612518c8c3c9220ded49fd5ff56d71b5b5569f9421c6d", @typed={0x8, 0xb8, 0x0, 0x0, @u32=0xfffffff8}, @typed={0x8, 0x98, 0x0, 0x0, @fd=r3}]}]}]}]}, 0x34c}], 0x1, 0x0, 0x0, 0x84}, 0x300)

3.838003828s ago: executing program 1 (id=2103):
r0 = syz_usb_connect(0x0, 0x1cb, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_ep_write(0xffffffffffffffff, 0xf0, 0xe1, &(0x7f00000002c0)="51e6a071608b9ab5c1e67e02fa6eabe1cae09f5ddb63c244531c6431bbf6617017bbab4bad0ddb2ba40034ce928d6c8b3b83f384aeb19f6df96ed69c709074f723d32cfadb5d6c1ace966412a63a1d1067df779e89f91b2280dba951ba25a77a30bc0583836fea068f794b71496bbdad5f4e121ae5d84b0440d9aa3beb4f86794b6d43b6794aceddadf84fed4b172b410fc4f13e292afcfb6d1d4d0ea226d0365f3d90344a1ad4ba63b8bb8b7b3436f0374bd6a2856d4aba31e353a7ca7d08c9e0e4decce5be2b424e41b6042a4f80b3834a42405ac5749bd28c3f4efbab07a2d6")
r1 = fsopen(&(0x7f0000000040)='tracefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x8, 0x0, 0x0, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, 0x0, 0x41, 0x0)
writev(r2, &(0x7f0000000200)=[{&(0x7f0000000040)="c4", 0x1}], 0x1)
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000180)={0x14, &(0x7f0000000040)={0x0, 0xb, 0xc5, {0xc5, 0x30, "adb728a71968cacfdbf1306c49846e9879a32b18565c330484233d91688f07bec3795f68ed07e1bfb440ff721fce1c6c5274f9c45167fc6ae41df34e42b599256fe02359d3c99800e0dbec2aa35d68544366302bfc32401cdc4f78d181a519c6ccba5dc0d2e84a25e0553dc9300c5503b5516e99d9a86f51a99b1e254684f28841d7ff88b403cfe5cf2ae1bdccca6b154e2e1dd4056034d2344dda2eb5a9646f21c8032b6d1fd10351b0d282f2c5b21ccbbff55f5405658a2c58539c6e0763dea2f40e"}}, &(0x7f0000000140)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000280)={0x1c, &(0x7f00000001c0)={0x20, 0x10}, &(0x7f0000000200)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000240)={0x0, 0x8, 0x1, 0x3}})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000740)={0x34, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})

3.816247523s ago: executing program 4 (id=2104):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x36)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000010c0)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}, 0x0, 0x0, 0x11b, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa150835f7519d5f73b4e1d80eb4881a5b98cb9fb96d225d602392f816d0bdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000200)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20}, 0x94)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x442202, 0x0)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
sync()
sync()
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

2.485664282s ago: executing program 0 (id=2105):
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat(r0, &(0x7f0000000300)='./cgroup.cpu/cgroup.procs\x00', 0x20000, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, &(0x7f0000000140)=0x7ef)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x7)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f0000000340)="8602000000803abc647939e20000000000000000", 0x14}], 0x1)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000004dc0)=ANY=[@ANYBLOB="10100000000000001801000005000000ece538e8b62831eafcd9056be7c8a4f36891e0bd363476ba635f8d61e20221d10831df051097c214cf0e5f4345fa2c1eff6b0f8eedd3687f41fdd27b53aabf690ef80b8953b86b7943136212b1ec5c95809bc5d24c84f1ea4c6a1ff8b0dfc20e9b15115ddad4e233132bb07ee1577ae158a9ec4de6171ac0a7542ea221a3d97d80e7bed34fde3c64661a751d33a6d102ec5e611cee97f445ff21d4d3b360a17a83b7594ad811751ceb59ea8b5cde9525ac5679cf2e35907c0abbb85a25c776a98af56eff37c6627d00c51fd572f6113013d16a54d005b0f833f3c9cde6b897312b7ddc1b063781f822e06890c08ad3025e80b4a550a680e58053a8c33d2e1858f971a40788f6b287baa082a334140c0091f5f2d232ecbc86218a477e468e5be1b48d7787071b5c891cc3efde21a3b0337adeaa6a41ce8fd6edf1b0a47ca0cd6d785cc2c1c3803dde4d9749a10e21d489531efca60760b4ff2061dd7800c4f23c3d1e2bcd694fcc87261a2fdfee6baaa701c7083e9675a75b8d530f09f72d8d3fed4ed848ba18d11635893b52c84a6f0fdc9711b63cba52c9e33ac701261d5459b6ff53be036549b6d0e617d125a6a758370d0671f5f956918db7c4d0afb4f7369bad2a1cf0b7bcf130464bb031b092392a72e8234c1cc1d41190dad660bd1d9283d7d4c7f7410c83f6cfbd25b438097f3e5fd4a23e56c1995179797f03c6dfc5e8be4515d9c72ef9ecbb7cd80d4e71d2ac2f31396081eb9fee4b5d633aee32775a004f7aee9f33d81f9e469a1bef0a995ca8d50c2d853bfb1ebaf301d0c649b74827ae650b6a3bec85e2e9fd45e33bdd8c29cb0692d78a73700daf8eaff8efc06f8c07b3ce384ab1d925cdc440a4b85ace1edb6202df092fe6b37c11e10f3cb3d9e0cc19d55989766aec965403244c8dabfcdcc51c2297131307048ffc88b47d07e821656fa73395dd464d79ee82b3d4f47bd29f42f44f9521efdec7b0e8b5436d496ae046d72d69bc3d35a62829954fdf87fa10330a7864465ee86c540b2e1320e8453701898027ef86ad0d7c31c009f0e5f4c35eeb870ba4caa3708656b38c3797aaadb4b372acf23c05d55d98eb8c1c628e744a6a4439b5a515a2a083f8fbc71a2e6800c3ffec640d21d05a4b1f4548c5541f809e9766cce96b2c53b220361638c4dc43af7d5edb874bb48ca3c8a837fdccff0c8b50bc402da6262c5e3b344f313153fd455e4414f2b0e4a2bcf881b5615e399f8bbe6c3c20a314539b856de845a6e37e5f6925f3d5929eb59243b792834b0de7643077681b9113f5d192c4e96ebea0465901e5aa5da812b0d112089c048e29c523a753f7babe4e3de0bff0f220493bef0e7b76b051cecc325a8fb60a76880155ed33bbbccb472dd3b568829eb7cfb4280521adee82b1b1b7c31b0baa329f81f254526461b787d32bd18a760944a3f728a8a257f2bb9bc9172daeeb9a3d099fa60a440063b70cb48a54cf8739467f7e2b075b74800056475332bd226daf3e7a85c198107c3fe4818e78dda31d1d8c4c618c218e368a0e20655c325f95ebdb03320448cfd754064e7a6b69b1677d12a5c63b853d77bd06b4759e30e764806b91d5e9e54c907255ead2d433538105dc4dd9d364de0a82bbbe035d34e215be51d468b95a87e0e6d76264ff4a8bde40e956782351b5595118d6f630ae1eeeb5755177d0cd71f259eb580ba0918194a3b75d6110d58079c57ffef2f53a8d0fcd824c1bf83e612a2c63b0dc6f0e6997d7905d5adf649da853204a522043147f7b7debd7c01835b4f311ad3a6c4122f4cc970e2926ea30aaaf307555dea57ef2dbe3e5ec783dc447d1834cb1cc711c34051d5077d373013e995d34dd20a4ae0f3356b388a46ca2d3686daa528246dd0ab3e7400406e88797294d61b24e81ce8812e0eb38e898c658dafa957618e969f73f988fb6a5b13b0bdd2a63e666f88513f5f15d0f0a743be28c5fa6386d9af70292e96b54d4d5495ab142b036f11a7c18d6245ceb713a30c875af0e7124934b1bda9a9484e617360e2b9b63052da78188ab3ff5e2c8df92e3ff7845343165fd501f097296d614e163a33d8e15032147e2f3dd57e8207c11a11cd9d39a786223d2b6b000ab841e3237bcca18431f26a0ece2e478c28b56ccb93966151be4e52d823d1bc345d9a5c2925d06c27e4c74dd2783f55d32d07ae2eb68fe6d5614cf979e3c16d3f467efee15169eb5a641837b93bc06733eab8e30cd85c731ea46a24266dfe87fb8a9515b25841a246e6d8df10faa34da94576a4a3e1ffc78323cc58b122c0a0993da408b82f4a311c2250483a701df3e99fba515f31791b5b8b6ee31cb92731d656b7ff43b38d3b2d9f59008a7400d6f2dece551883f32d0281395379aa42285e90dff71bad695156ba4842936f6ddcd99cdb5ef8a147a15cf6ede0eff9b5106306806574fe9b3ede36418c97ebbb1de5b7b23a453b98e10634956a34cbf40b62b4cff86935ddbdd31cf5b78e1248b19ba060cff190f1f2f178dab05e0d6395d9b1440b01ed10f5c46c903d3e2f78e9393124a981c7db5126210ce0981dfe0566d0751f3a76b66f06390a1df65218832cb33c91a1a78c67b24b4aa1a52231a6152a2483684eecf19522d5a22bde3cac03fd1de054e36325490af9081bda7b85e007e8714fa6f945257d8bbb766f612f682d19f885d054055de33423889c45157120dfde3ae504c6fd55c65fd652245fbc1d20e535da9e326341fd39bbb8f81117516747c7bd6a0e41faae21d4a7b905a6e82d4584bb56c0c2e540e7c69ce8594724b08c1ccb578617cc7f4f203f1f96011a5a3e9e4ae90ec5b7d5c1b5c682706b331c57e56966ac4017dc56e7a701c2c27657dc7fc436c4c02c51a76537bb90fffd13c1a2bb473245cbf0f34b020cc1b267ba624b09616448eabc753f3eb69256aa7f4ae3c590cca158457b1fd5e37c977ea19f30f813e0169c6b37496162134b6ea6501d6e5910a9b4b5597fd379bdceda96f016fea03ebfe375bdd60d9a61099e593706255f8b1a1048db705b304eb2f7b61737df8ddea67277059f37dc9065e71bfb49efbbbe79661afd5f58f388f02a03dcb69758237b6789fcbdc4ea2fea4132d33d777cd5193c210e345f06a1568e061b39b774ed321e435f44a54842435af0d574ceec62e3132d8b57d490d1e8f1860fbd95e6a30176af9c085760e5ecc9199df22b76069e1ec85035c69d754f399824ebd886693d897b55f139cf6053a27d6389e9158d7f187ee506c304953dcb5c0c72fa5c942933bcd0ed00127fc842cd2f50d6483faa9a775450ea4cac5a18d4c4868ca696f136c28a4703d1562167671ad50ea5e70d0c43f95992130db3ac2e97e10f614a8974650366d369437f12e598dd37f474ab5010b3dd4ef6c3a23e37db0ee18675bc16f0e0e96e50a72f3816e08dee4e9407b0906d57a7caf9539288bda2d6577e09c417c01f910f18a324bd7c1b9388fd464109a5cafa70ee2cf83197c6a0acc5e012343ce8afe4e6a94f0f55b2230c9a6acdc9b9cea5c4a06f6d4376a5d8c43a562736b617acfa01f2b8dfc0f4c25cd3f8d7c675ee2cb72d030dbe4f78805dd9589b4874093dd7b4c6b6715fd245e6d853dbbb4ffdaa4f665870f7f22ed0a9d862cff03581ff2c4bc9ee5768c7ca806460a882dd0ffc96238a22715b6a49d50df7705c2d1ad35ab7df6660ba3ded28f6bedd9dba2158c6a3cc7943d6df0bc376135ea3b9211523130ad77dd1532841a7067a77b01573952bab397520a23eac4d5f67c54ff293e14d7e21792b909fae37de019200b6dcdaf815d0c747d891de553072f7d9dec9cb0657f9f2962c0be6f122bf1d8793995ecde34a14d46acbd238d0cc0edfa3556b7a7c763f37bd162bb6d638eda49818fe97ee6f5637254ff1b31cd1c358f19b362a978b689d5661873da06124960f1b25fa2c069586584ce5c83b72c4844ad85c917e35e0fbc6f565771579997cd31fdf3e42dcc1ab17573328e6a73affe545fc82c149566cb11b439cfb804b581a12c1054d4fee14feae7d91db10348b3470e282fc93c07376e050731cbfc091e3b858a9e1679b4c92b44656802a239ef3f0b91a5649eccdbff499328e9243ba7c25aa50de56d3e0dbafcc6aeab35b64b027e36d6e7868d5f6ea7e46d7d6bc263a3f304b5642e60fa847369f6ea08bd9049822fc6f7cebac468e88db61846c417be1c78ea28691e3a58d46607597c2746b0cdcdde0c8d2f21c6f407d88f17fec2eaa290db8b4513e29439be7ddd719d712e8b01dcff54fe42563e40973ad4f1b00bc9489cd10390b63adef8101b82144370e23d92ee972b129e14a3c1945288f7ebbb67999afcda79c63bb458949b6821cb7f6888d422283de23f19de6b06109a5b9e66be004c00c45854599c4323662f51424c3ce2d10d2d75b827669a18622b7ebadf590aae33903d4c9a90e5533d9dfcb7d1f6052c77d92799caa323b7a21493357119b5e3c0b9e69ccfbf28ec7d5b99871644f35bfabbb5c143d136d906b51564b7d8fefd3d31fdbe875c733f3d70994f70fb1c70d23ecc14de56d0c5abd21cb4bff75a353baa80a04ac3a153d8d569ef4c2562067e50be7345ceafd57d7e80028880755e97520b8bcafd55e3162701fe7972f31dfe1ddc77b79e97fd7c0a3fde0c5ee973d2885f3c9148c6b872de4dbb2fc83cfb665074aaf02401f4fc4dd95dc071333bded7cfc1a1af81824dbe4da2622ffc8e78acdc82a917e76fe4e9b0b5fe4e7d38947d3dfe70e7faa1952a4ebd47de74892167dccc2f60ae8d8457e2b1e50ca63b3692fcd13cdf92e25d0fb048d1c2b7196aa2e694bef12a7d206e9aef9bfec220deec4c59283516d3b6f6735c6186af1baed16d1f6c88c4de6e1e87aadceb42d4abe5a28edff4d57f8c4dc43d9481140635ab3604f052597d5e79f524ed8774d039fd83317ce1f909b4eadeae59239526113bf414c933e7dcfa9b2f0ffd3293a013394d8522f00465207ffcb7d96f0702bd06faf0f947691747ba1a05b4dea153178390466ea1a7548ec58d6ea4042da3373b70edf2a98e8bcf30fac5a657315a36be25dbb24aa0283bac1aa63bccff625da4ccd79a30c77f443761de7eed7410700de59a00878984e11374b291fda37c7aebbb7d95aabcec51a0f3975a19e2053f5c45d5dc4be3c2d0f5391f43d3a3d14dd5a69f93d0311bd948cb18e16bbf929331de9bed528c929fecee03777021eb5ec02c6637933b266d1195da1b62d2b0df0726c7bbafab2a0ec060d3e7bebc5002209dcaf4790d38aa0a07a3979e2f489672f8d095d6a6971a5a30c61af3b3eba960974ed4a0989b1e48204fc80e0756e0f7d8c3d4f120643794234653f08d8d5bc8fa905759ca0a1b36e4b490d86d4434bbc4814d6c86a787e0098b00d04e7391e3976f9c3f665227aa7a4d66fe3a694eb8dbbab093fc6760392047eb085db0abf5326aa9611f1da7bcaea327b12b97b5683096d5f014dea74536db50710b722d4d859c399784058f20f181117a707504da274cc55b632eca9f5c225f96144856b30736f9dd40df0faa53fa90760f81a91c96484f15527fda27eb2e47defa383e70b388b3d4c2707b4fa1ec51f5a8b5689bbe9c4d3234d050bbcfddb88fecf317bcd35627693c3082f07146df8df9f3e3fef2d9a9875b6a485a53d9664fb899eb7d07b6c2bf53c605b54acbc5dd1492d8f6babf83eb734f9292a482d6772ab6274d17444b99d08e83bf3e003196c43972fe5700000000000000380c0000000000001201000006000000d4a6eae5207c05f71374a188711515145096481b3c0659d371fc254ca442cda4ee9870f70390481d797ea971e9f87a545baec6409da47388132eb4e99db05929dd3e075c98c24beab9f2c422f6bd93f33de0ec12cb1d8e96853e1da8b075c719f654e6325fc564037a91f14a077b8eb9809a067b8b2a508fc78fd96c2675f43179169597b63b05691cbbee6b45240ab40f3c59a384f00232e9f47122a1231953470a1f867144522af69b952b505c92afa10a2b0d25bb0fb419835f47c88a9e86aadba335b21372344526e14ccaca18f5094e52f2b2f4b8c13be7c87252045cf252be12e161276cc0e4a8270abd4e15d2f3f7c3de4fe49326bfede7c65a10c84c54926582615f830b1764ed7514e83b558b7a3d054050431feac7604be80863e9b5e93267635d5621e2785205437c05a1960efca88b27d79c0e070b043ae489d2ae25b8e176825804618072e8a46131a69564e58f3da24d4bbb086556058d2c3032a43314bd466bf595c0a86b618b2f77adf3bc476b7f0d4f0cd8419c3f3ae5381ba0b8ad383acd7840f2268ed5560cc9218ef43cddec1756da272e1cb8cac1444b9442e9c3757113ad5a6a76fdc870dfafaa38e925ce66b2c10be4ebdf57928c8de1ea3bb779b6a02b290409635fd2ed9bfc5a7d5d9d41b9133f5e1fbc7e52cccaccbfce4254e00ab7e49c300e11a1a924878f639c3004254fd09c3fc790a43d3b302845cec02a73b3b9e0cac54cea71d3affcaddcb439e95ad0fed8f31c9ffd15de4143ba8a1c09fcfe593941a3c8e6d52838c4f908df2c990d2e7a535ac0513a669d8067ca270832d2417e0391bf0eff867b10c1eafb8da9402263536416064d8049060b429960c05c90d66b1ba27dc67bbf701a171adcf1ba0c4cad2e2f1e101debbfd8b49d87cdb5492b95ba8f40e6e2e15552acc2e0a7f5dbc33e2f7fe90829ea8dff28d7d1489f4924da4bbeff2538a70e06520cf752cb031bebc4e2673396dc97af8ad1e143b255eb666e111326935d756508087d2f04952a7f58904c03319411b963075d7502aaa444c7326208236f43be4487caff29073e542765e9b4430e01a7ef5afbc0e5fcec9c59404548673d4e01dd7444f61300a95463d3944d76e5aec04fe97e0f3b1cc8a20c11a84c67d1f438734b58f0c471ab3e9d951ba5e70a99ec65c8c4d4c117ecc8682db449fe44ec64fbf0e7f619999b8fcbde13a06408dd7044f612f296b5374b8eb9a1818b8589574f61842721a879dfce055766f8e223cd7038fc5543bf50c9b3d0c52c0cc677e7af50ab8ed9ba83101f8d3d669fc457d7aab023601add802570d6154eeeb827304c7492d9aef54fb1077bf1a3584c65547147a1b7fa3664a61b3c8f5af0dd4817bdd9deb9854f95264ca72cb4de4195af3280487056936b818b21b2daf86e72fdd0b9e185a31e626f050b7ef74b0c33b9305834256a9f0406c4071493ec2d33cf0ea11b06a4d0db442ee5ce2732a3f4c7b77da06dfb1c640827506f91a7f4434c0209fdbd6e5bd947f5d8db740b351348197e033c8df580bde047baa2354ba6caf08a18947000df7d6ca569e4714412ac8e6ea4a0d7e45ee8793db2c39d11e592a92e51e3f06fa953ea8cce80c3cf401473585e83815be91da7b5da809fbddb2cac9cd20a84bd12ab8a050b2cc98c2d420fb7837ed057bd15cf2d8cc3e2af8542d2385963827d31e43c77239598f4c469c9ad35ef6a85606a5484426d63c8677c6e4e395bc447e492d6394cad45afb5fcb444a79302b1e450b58d8e0f953493417213283e4c1ad29a007529dcc5856d9bd4a10280cec7f9ae2e0530b69e591386c527abff28858ac8e82b3bab7084ddbda1efe5ce5c90374a55420c6184a808fccf35ada403269bbc997454a026b8ada653607eff68139fa07958e1ffe44ff358cfe37e2c44cb49a722c9fbfeb036f29625eb4bfe915d9c38beb2edd022c046f021d365b7a08039c2bb0d8a29a84bd2357b273d8c00b812b56593d83551b707b460cc4923f52c9987b2c35bc28a39a941f57171942270867bd83e4e0970b5f12932f6ad9c186be688f3e2cef0ccbf1fca39e52af019b9c8c09ddef8af1b224b14cb4ed55697e4642e6fabeb3b4f8796d7b56ba37c1b141198639c655973bd97654d60d3804d86c103def3f32dd3ed0c3ef19673421bcc40437015c31895ecb5ba0f677bb0751e7900291fa9890303ae84ce67dfa5368d2ca60577862b89b99c9a9780a86b1df2b784f182f6eba319573b7d18a604386ea727dd4b4e4c0e98b67e6034e5211ecb82a5acf74f2c0c180824b10409e8cb48d20daf375ce82ce406013741f2f0ce6da1cb1e8cd91f741687fe6dc14060d4048861132a9f321deb97d43e79e5ace8d9ff088d4107e36b650020326309d71875ea79ce6d65900d31049acc0e06e19401eef3204123c04e82628097d7968481775460c6a5a56b02b151c9f88ac91a5fc30db34c6c5ebb7e5b36bf6d29d257b281010ce44a2c8af82bb442748775283a2ebf9b9d6ec82fe6a1ffa61cd0dea3d80b9b91316ab6d5dd592fdf764afaf6bf4db07cba94ab5c0c59567f684456e635d688cd846c8c0d526a801cd307c3a3ed1a1f03df5125ccdb3fb550df3f13ab1c01426c1180918b1f375bca4ea556f21e0a09a79c072814d27b338b2062b5b3e81779b0aaddaeee851f9ece4b5c03326d5611ba39eae2cd6c0aa2a8f01d0f4e8006b7f70e2bee5ec77c1357331b6643866fc121d567cac5ebcb92eb34bd784dbf887979606e40ec335fbdd004b08f4da2611d0c43ca6c16c700c72986170c973f313aaca50e12458194738453fd8f3705ba390f6e51ce4eb7d4e7cdf03616c9d37278724624a1b073860f968cb64cc7834b08b4cf3f0cb6c4a26daab4e51b9798c0a997daec7839e5d7ca329cca6cf60fbf948e73005b8395fc2369c4a03b13b0880d4e5bb343c77e586e21cd3e9beeca9a04f87970a7dc94e84135887684deb7feb2839f45ab988972a402b1b2bf6131de05215f04ad65792c754c60c2e772be5f4e79bd601fbd00873543f29b132bd26118a3d05366b1f234a46d362b0239bf99fc1632bf156b8609a43a2899882c40388aa979051691781fb8906fd91f9fb22d979f6d24b4d95da249f2201ade9718412d2571b09b4d043c836ed40d985a95746fcc449fb298fbcd01ff6a7807db04e0fd58387f2e865c0893e146945e633b8d1b4c3a0d83eb3a4fa92546d6e2ffa2d37a06b44e080d1573a742f9958e653c6ec5d62235cf1ae8c83d39b8bac7b09986b3c9d8feadc6bc48586209324fed6d63205a33196c5d35e7c51cf38dba9ad6bd3c59baba6ec222b417db4ba0954d6fcca7e942a5fba008492bb6bcfd9ebe0c779a50f1687491398818c0d29056986ccd6f378b16da8abea80bec975ab8a7bf6fdb080e69bc2c1757079d88498148015a2f9c0f5c60b81c72517775f9ceef54df9cdc68578bf0aa3c5984793c45a42e83a49b290b9136c9d3ea0736c6cc3eaabbd533a695388654912d6955d5cdc7ae92f2d7021f9e206ca30acfcbd74006b0a62fa8b6266d1fa29d76f11d79c788e2bcd70c8326def603705fc6fcadd7e4d3fdaff0b405d26fb6cc3adde2bf24a1871c4cdb75f43a3c6cd243abf388e331c6597a08a08e4b971ab0f2c350c55106e2d33359d8ea442e5b2fccab5f986a54a8a7728eab016823311cb5b6520a578d0c4f30827e5c6ae249324ba39298671899778076284f5bbf4375f3df9bd895377fb50e743c69a25a6904bab58b3f866558015be337e6996f87e111d08cd36e6930cdbe37bc52303b848578d5db23384ce30653a80db739f5a05ea7d9eef9d786ee07623c2113f015624f3e0b37399d778333a404a0d7700a623f204ac91e388b9df8359294c653380e8ad420046801a029c735c22b69d19055111141facd11ffa0adbd6168cb92f32847d79e8ba5a607c06c6651119ab85616bb01cfa01b4c8a126a9c1c1468de3012ffbe5af7c1563de3b442bd8b10413f78ef4117b98be378a53626bea8532647641baf5c3c58a056e7e02b6bd90671a036ee10133fbdfca6e1c3f3ad9b2feda273da42fc8d3509fa608756e4d087697f55f075443920fda3865f4ea2acf869438880aeac9962892ebe327fe773e9305ea2c166c4e8da2df4c9785b8ffda444ce564dfd055e476d45276c2778f12b1553f09c60c4757071a7188aef964d0857413fcc1464d78db8e4fd895753a596a5299e7b0f119b8dd10a44f26b301a7a622eb36d2bb8a582c5f8fa790143fb51f36a8f15285c6a86b103fb5864441f8b22ed02a689863ac9bd66df3c8925b9f4bc3d3082cb50dad04ad48b6508905ca2d0822a00c237956d59f646e79e43b24cef330000000000000058000000000000002900000009000000c33114de9ca6e542dc45ec991bd2d1b9b30e4c9c7ea04562697d6dd2c14560eeb2dde296305774dda94f88b32be117008f4d115605722aacf2e0f391e7af53e1e47900000000000010100000000000000701000093980000bd0a33560047a5627fa4e0cf3d457883f5e055430e95d9d3eed0079736d127bccaeddb9a10c0b3314cafbe9b1d7ef366bff7bdb8f4a94c07a9fa6b22f25b6994bf23b2441e0296af9638901060d67b474436312945b922378ab22792275c85cfd9d453ddf5f4d41305fc3c5f3aeee3dcb58b299061c95fb7010b80d90eafa82690274dabc8ef5174c2e6dbcb03f419dee7cbc14e2256a379565cc8e0b95312cc03fe1d01e215bc789d34947c1f839d04527a095ba95736af8d6859681f821ef5a31c0f6ca87bc13458b7a99085bb4b751324a811554daaeea71102ca3c8ec2683eca595ab017a92b46cb0956788f201ef88524d7d9343adbc51a4c9d66ba39bee4422421edc9010a25c74d6a3f3e97822435f1e353567041e6d67601f4172b0f4578c316b53349ed6dff21486070687e4963e02ce14e787780bc9208fa67f55307e337213c9164e64160d45a1734085d265c87316690f74f574f9e2e8f461db77b4c0def15704148e14892cb05c7a818aef4eb533b44ace3378ef1034b7d46a6036075158f630c2c58b5127d5e5cd4aa551a9a0f6e868467dae9b4efc94759fdd4fd97a0292b104f33d8395f2a5181b5a1c975f3b6324dfc34352c94d0d8fda04e32f81d956f8caee8067e599b644f10bfe0b9d76b710cf855d54d6fccd34f6c485c16d8d4e3cdad71fdca3acaf7c00630484e34616679efae0d9bb95cd948fc493c4956ebb8d1e1c007f7928affd60c8f9df6326e8948a2508831cbd71100dde312e8cfc5e987c7b5c380c689a8430d27460810280c39bc171af1023bf25818d12b475a2c835689ba080f796d038b2526c4c9471b4fbf99ef9254fcdbc7dec56859b288780bf376f4381fdc7407ca1297d1901c85ee432f19e9dfc89c2d8473058a8ffc13ee76f893f52a0f823ee4069ec01869bfdc6ab627c4d704d8c7f193ce075fb81104361aa06bfa14c6458e9d330526dd5a4b629a015b6b61bcaf205a89f5a76be88b4652f971956683b3b5b22c78c359e7f5278dba69e08c09438be0380c8c81c7bce6cedf30a15064e6b1363809ab382f775c240a3ade838dddc4c4054d4a304a1ddf1723428abb3cf9dd9a765298f3ad22675e491a701615a8f479289f0a9eae30bda05af918b787238613028b233e1d70d82ed9b78dbc544c1081d781a0b927d2387f8720716a915b10509ef502218f675e1ca407a67633a7c170684ae6b6111c5ae5603dfd933b734902fb593d06dfe84cd94c6b3a14f39f170f8b5be74650cedbb12e3b32403805abcdd6e6b7704b8c65f6b525fd25767792ebe9d6e254fa24c2ab16fb1eef38e12517ef5639c64808548e6a3f99895ae3fd09ea41f53c4d9b9444e39427712964c7cf4f7548e2af946f7de1ea74e0e4c95ab913a18e52bdf4217f43cce73fe9ddede0fbd21cfa084b24c0b893206b97bde38634d0aad46340c690fc439a09d40f93658e7b4100639719134d50d75b93399a2ccc6e702e6339d05064c8740b7b65b8b35ae177760fba281375a769e48ad68fcf701864f721ea1e492ca3f258b4155340c925b5011fa1c1e68d22d9cd43d9575a8de74beed960481f249c99307509b3500d"], 0x2d68}, 0x0, 0xe3d08660d7cd4684})
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680))
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
r3 = openat$cgroup_ro(r0, &(0x7f0000000200)='devices.list\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f00000005c0)={'#! ', './cgroup.cpu/cgroup.procs', [{0x20, '/}C\x00\x00\x00\x00'}, {0x20, ' \xe2\x96p\x8c\x84g\xa8=\x16T}\x9d\x1a7\xbeyt\xdbX\xe6\a\x10\xdc\x03\xbfW^S\xa9\xd9\xb1\xd4B\x99}\xbd\xf5\x99\x1b\x8d\xc9Gl\x1fq\x80\xc9\xf7\xc6\xb3\xfc\x8e\x83\x80\xc51\x8f\xc9\x8c\xe4\xfe\x03\xda\x13\xf8zo\xab\xf4\xd82\xa6v\xfd\x17f\xd5\xe0Sa\x8b\xc3\xe6\x96\x06\xc3(D\xa1\x1f\xf6\xaf\xc7\x8e]\xcf\xe6\xe57\xd7\xa4\x7f\xf1\xce\x0f\x8e\x176Vs~B[\x1c\n\x90\x009bm\xeb\xf4B\xfd\x91\x14\n\x15:\xb59G\xacT\xf3\xf1\xa0\x8f\x1bQN\xcdfB\x1a\x0f\xdf\xd0\xf9\x95?\x83\xdf>\xe6\xd1\xde\x1a\x04 7\xa7\x17\xaemR\xcc:\xd3V\x82n\xf8\xdb\xd0F'}, {0x20, '\x02\x00y\x88\xec|f^P\x7f\x1a\x00\x00\x00\x00\x00'}, {0x20, '\x00'}, {}, {0x20, '\x00\x00'}, {0x20, '/dev/btrfs-control\x00'}, {0x20, '\x1d#[.).,}-'}, {0x20, '&^$'}, {0x20, '\x00'}], 0xa, "d5a6951e6e9dd1b27845c907b40ad7ec7a72e6ffe3b40b850000000000000000a284d869130473999f2f00000000"}, 0x140)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r3, 0xb5754000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)
socket(0x10, 0x3, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(r0, 0xc01064c1, &(0x7f00000001c0)={0x0, 0x1, <r4=>0xffffffffffffffff})
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r5, 0x50009405, &(0x7f0000000180))
ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, 0x0)
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

2.397891725s ago: executing program 3 (id=2106):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000023c0)={0x348, 0x2e, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x119}, @nested={0x334, 0x11, 0x0, 0x1, [@nested={0x330, 0xcf, 0x0, 0x1, [@nested={0x32b, 0x146, 0x0, 0x1, [@generic="f5ef56146c91147563276660e594de86923b901b9c31b5127825f1868b4db9469c2df41906c1f5ee49", @typed={0x8, 0x124, 0x0, 0x0, @u32=0x7}, @nested={0x1ee, 0x6c, 0x0, 0x1, [@generic="8b82111c59f6", @nested={0x1d0, 0x10f, 0x0, 0x1, [@nested={0x1c9, 0x11b, 0x0, 0x1, [@generic="44e4ba7c0b0ff113b095b181686c69e6901606a6035b241060d1ba9b116c80da82d5b88cc6363112ecfcfe146d3396e45fbbf0a08b22fd28c11b96cceeebb143edb758f38e41e6198a4aac1b4f64403c0297fdc66d55feb17b3a47961e32432008a761d761630abd62e074f1aeda6ad0a673e1e2f1ef46c79d906ae0a1b56a1cb49371c5044e8535c676535532d332e91b4270db1184a76120ede03ed5473adf06033298dbeef6a61dc38f79dcbab66a59547791ab5c867c0e0244d06d7eeb09d3b84e9bad5626f647e62bd3f0", @typed={0x5, 0x6b, 0x0, 0x0, @str='\x00'}, @typed={0xc, 0x105, 0x0, 0x0, @u64=0xfffffffffffffffd}, @typed={0xc1, 0x82, 0x0, 0x0, @binary="9da6d2cfd0d56814fd84a9b4e09bfefb7e71aa6b1338a2f4b0bcf5b7da34e38272c0fb396e8da9fe6bafa86982b217883dc0a99d6f8cc8d02d65ac33bf40d09bc28a90cbe72d692943aa8ec74169b9f54f99da2135cef1a3b948b4bb65653d617abfa325b7ece7ef3a395ab715205e14add6497c4d4ccd9950c466a2121433263671d206265ab7a4afb86bcfc88d39c8da199e34acdfd9f19a20d74af1508d9ef7e25cbdbcb597005c8fd2c532208d87b50f917122d979574773357159"}, @generic="ea8e54f0deb6d4df4fed8cacb160ad53bc0360eeda91dd56", @typed={0x8, 0xb8, 0x0, 0x0, @pid}]}]}, @nested={0x4, 0xef}, @nested={0x4}, @typed={0x4, 0xfe}, @nested={0x4, 0x87}, @nested={0x4, 0x76}]}, @typed={0x8, 0x65, 0x0, 0x0, @pid}, @generic="db89061eb9fbad2bf82b2a9418649da868c869b4397ab66e7f39863979f0bdf348067f0b5606ca8cdcb5b5080280648f010c688d62984d051b094fe343cb1fa22295cdcf66ca2b1cc8152ecb85f43f28d04aa546812ddb957608dc2f3b52e0e98745cc4aa9b20ab28754d0d7c05b9139d8ff8509fbe0d7d56d5710ea94b935782d99259af1a87cf89bcca8f33c9878df0b153753b7ccc2d3d65b5d8e92f7230c8b3b3d434ce7cd2f1e8dbf2cbfca3103a770996f13ed41af6f046964853f276bf8c18987b616eb8c1c752f52389cd54b7a7874ba1d9b4d2612518c8c3c9220ded49fd5ff56d71b5b5569f9421c6d", @typed={0x8, 0xb8, 0x0, 0x0, @u32=0xfffffff8}, @typed={0x8, 0x98, 0x0, 0x0, @fd=r0}]}]}]}]}, 0x348}], 0x1, 0x0, 0x0, 0x84}, 0x300)

2.397106042s ago: executing program 4 (id=2107):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da07000000000001090224000100000000090400000903000000092100000001222200090581"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x0, 0x16}, @l2cap_cid_le_signaling={{0x12}, @l2cap_ecred_conn_req={{0x17, 0x9, 0xe}, {0x1, 0x8, 0x9, 0x800, [0x7, 0x67b, 0x4]}}}}, 0x1b)
pipe2$9p(&(0x7f0000000140), 0x80000)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'syztnl0\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x14, 0x0, 0x0, 0x0, 0x2b, @empty, @empty}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000d84000)={0xa, 0x2}, 0x1c)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000080)=0xd, 0x4)
sendto$inet6(r5, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x18115, @rand_addr, 0x983a}, 0x1c)
pipe(&(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000001100), 0x80942, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000080)=0xd)
getsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000b80)={{{@in=@dev, @in=@local}}, {{@in=@multicast1}, 0x0, @in=@broadcast}}, &(0x7f0000000c80)=0xa9)
getgroups(0x2, &(0x7f0000000cc0)=[0xee00, 0xee01])
stat(&(0x7f0000000d00)='./file0\x00', &(0x7f0000000d40))
splice(r5, 0x0, r7, 0x0, 0x406f413, 0x0)
ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000100)=""/101)

2.358162219s ago: executing program 2 (id=2108):
r0 = socket$packet(0x11, 0x2, 0x300)
syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
openat$sndseq(0xffffffffffffff9c, 0x0, 0xe0c81)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000180)={0x20, 0xff, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2, 0x0, 0x93}, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$igmp(0x2, 0x3, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000340)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendto$inet6(r1, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c)
shutdown(r1, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3b, 0x1000, 0x3a, 0x7ff, 0xf83, 0x4682}, 0x1c)
syz_emit_ethernet(0x19, &(0x7f0000000b40)={@broadcast, @remote, @val={@val={0x88a8, 0x1, 0x1}, {0x9900, 0x3, 0x0, 0x205}}, {@mpls_mc={0x9900, {[], @llc={@llc={0x0, 0xd4, "e0"}}}}}}, 0x0)
r5 = socket(0xa, 0x3, 0xff)
syz_emit_ethernet(0x101, &(0x7f0000000380)={@multicast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@llc={0x4, {@snap={0x1, 0xab, '\t', "e0aeb9", 0x88ca, "2aaba87be3d04cf7504a614c4107a233eb5776fe1829c57a67ccb95123739b4f404943b0f80e65ad61433e8e50ce212f6ae53de8d5cfedcfe9c1aa53bb70fbf53dcc113c49c5eb539ef250f4c6f019e622eabc09b34c00f340648f1a2f3f26e80d26680539dce4a406a7a0b94461bf8a4c5fa86bb63d19f019e8489102c9d7fcfb5769f4a825f4a010a4137f86e37b2f4265d78ee8e286d553d7c5a1d3f7383442bbd80ab2aa995a0c3681a367c656168bdea9823db890eaf73ebcd2c7eecb453cbd0791c0c488d67249772d146fedef2128ca21549abd0814dd3a3684509f7ff8dc460c3b6f49d40c8412"}}}}}, 0x0)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e20, 0x4000, @mcast1, 0x4000002}, 0x1c)
syz_emit_ethernet(0x6e, &(0x7f00000001c0)={@random="cfb14e407d33", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}, @void, {@ipv6={0x86dd, @icmpv6={0x9, 0x6, 'z&-', 0x38, 0x3a, 0x1, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x8001, {0x2, 0x6, "081331", 0x9, 0xff, 0x0, @loopback, @loopback, [@fragment={0x3b, 0x0, 0xe, 0x0, 0x0, 0x3, 0x65}]}}}}}}}, 0x0)

2.203409537s ago: executing program 3 (id=2109):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socket$kcm(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000400)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$read(0x16, 0x0, &(0x7f0000000240)=""/112, 0x349b7f55)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$nfc_llcp(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000580)={{{@in6=@empty, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4e22, 0x4, 0x4e20, 0x0, 0x2, 0x0, 0x0, 0x2c}, {0x2c5f00000000, 0x9, 0xe2, 0x9, 0x3, 0x9, 0x4, 0x2}, {0x8, 0x0, 0x8, 0x2}, 0xf, 0x6e6bc0, 0x0, 0x1, 0x2, 0x3}, {{@in=@empty, 0x4d6, 0x3c}, 0xa, @in6=@loopback, 0x3505, 0x3, 0x2, 0xfb, 0x8000, 0xfffffbb8}}, 0xe8)
ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f0000000040)={0x0, 0x2, 0xad8})
r4 = openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x8002)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x3c1, 0x3, 0x2f8, 0x118, 0xc8, 0x8, 0x0, 0x5803, 0x228, 0x2e8, 0x2e8, 0x228, 0x2e8, 0x3, 0x0, {[{{@ipv6={@mcast2, @private0, [0xffffffff, 0xffffff00, 0xff, 0xff], [0xff, 0xff, 0x0, 0xff000000], 'wlan0\x00', 'syzkaller1\x00', {}, {0xff}, 0x32, 0x3, 0x3, 0x4}, 0x0, 0xd8, 0x118, 0x0, {0x0, 0x2000000000000}, [@common=@inet=@esp={{0x30}, {[0x4d4, 0x4d3], 0x1}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x81, 0xff, {0x4}}}}, {{@uncond, 0x0, 0xd8, 0x110, 0x0, {}, [@common=@frag={{0x30}, {[0x6, 0x4], 0x81, 0x32, 0x1}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x3, 0x1}, {0x1, 0x4, 0x4}, {0x0, 0x3, 0x1}, 0x4, 0x101}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x358)
write$binfmt_aout(r4, &(0x7f0000000380)=ANY=[@ANYBLOB], 0xc8)
dup3(r4, 0xffffffffffffffff, 0x0)
sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="380000090000000800000000000000429f60c28d0ed6a2117a3ddfd05d048008000140000000020c00048008000140000000810900010073797a3100000000"], 0x38}, 0x1, 0x0, 0x0, 0x40010}, 0x1)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000940)=ANY=[@ANYBLOB="680000001000030500f0e66f15000000000000009c53e0938f6e313501917d4692a55fff26e588b563fead77cba19647380b25d4d10b63892d19092840c0d19697c7fac0906623a5c7430afa8267a42037acb36f92eed32614177fb8feeb45fb190231ce1475f300d98d34a7e6840f8fb221191508e6811b6250e1847e21a53e641db849a4d56431dcf9289163c7d244d471ca6664ae8507979b642fe8d89158bf23f7425673ea53ce7626deb11eb42525babdb2a4d3dc289d6fcabe8918365cc39769aca4b77fcf455c158e70402210fd93ad7185ae8d38a5aff7f69a346f75f4e89294ffddee592948a49ab0283b6a9d9c41f7d20568b56a5222001c852e212f9d8b17bbee4f49cc97a2dc44f0e05cafc46a215fa1c7ee542c237bad8f882dde98b583315f58b475", @ANYRES32=0x0, @ANYRES32], 0x68}, 0x1, 0x0, 0x0, 0x4010}, 0x0)

1.214211969s ago: executing program 2 (id=2110):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x281, 0x20)
ioctl$TIOCSSOFTCAR(r1, 0x5453, 0x0)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000080)=0x8)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0900000004000000dd0000000a00000000000000", @ANYRES32, @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000010000000000000000000000000000000000000000984fd884e861b46521c19bfe47592e9c78bbbbaae7bf71e502e94a69592b9675924760382834d0fb42dd4f30b4ad00079aafde0237f158"], 0x50)

1.108624254s ago: executing program 3 (id=2111):
syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = fsopen(&(0x7f0000000380)='udf\x00', 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
ioctl$vim2m_VIDIOC_G_FMT(r2, 0xc0d05604, &(0x7f0000000240)={0x1, @sdr={0x34325258, 0xb}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000580)={0x458, 0x7d, 0x3, {{0x500, 0x317, 0x4000, 0x0, {0x0, 0x0, 0x8}, 0xa0780000, 0x9, 0x0, 0x8, 0x1b, '\x04nodev{evoo~%9\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x260, 'u\xaf\xf5@\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1e\xe1,\xeaHY|fFF\xc9\xa7\x0f>I%3q\xc0B8wE\x8c\xe9C\xc5\xef\x03\xb9\x14e\x1f\xa3\xb8OAik\x90\x14\x16#\xd7\xc1CD\x190\xdf\xf2V\xf6\xe8\xd4\x83]\x9b;\xa5\xa7tKP\xbe \x96x7\x83&\x18OJ\xc3\xe0\xc3h\x1b\xb9Pu\xf3\x84}+s,\xd9\xbd\x96\xfb\x98M\x84\xe6\x9b\xa9\x92\'\x93\xd2c\x84\x86\xd6x\x0e\v\x85#e\xf08\xb0\f\x11\xc5\xd4Y\bC\xbcr\xa5\x9f\xa4\xa3s\x12\x9e28*\x15\xcfl\x88W\t\xfa\x1asD\x8d\x94\xde\x89e\x1e\xc2\x8c;\xdc\xc3\xd3\xb9Y\xbd~\xd0q\xabZ[\xe0\xfa)\x1c\xf1\x15\xab\xf0\x84\xc7\xbd\xfa\x15\f\xb8\xe4\xaa\xe2\xce\xbf\x98{\"H\x80kE\x9bZ_\xddZ\xa5\xbb\x90\xa5~\xe1\xf4\xe3TK\xd6\xd1\xb4\xca\x13yus\x80\x80\xc4hgJks\xa3\xdf(%n\a\x003!,\'{\x1d\xc1u\x81\xf4\xc6\xdd\xde\xf3\xaa\xe3\xadm\xca\xed\xf4\xf6\x7f\xdd7\x94\x83/\x89M\x10l\x9e\x8d\xfc\xd2c\xcc\t\xc0\\\x15\xe6\xc4\xbf\xb0\xdfmZ\xd6\a\xee\a\x05\xea\xcc\x8a \xaa\xfe\xfc\"\x88_\xb6\x1e\xf5{\xc8\f0T\x02t`\xf6G\xd1#\xd4\x8a_\xfcg8\xab\xe1\xc9@\t\x96xE-\xca\\\xc1v\xb6\xb6m\xcaV^\xe7\x83%\xb9!dn\xa0\xd8`\x0f\x1e/}\xfc\xd0`\xd4\xb7\xfe\xf2\xe0\xcd\xd3t^\x90\x9a\x14\xaa\x03W\x03\xe8m\xd9[<\x82O>{$\xfb(\x7f\xe8\xb3\xe3\x19w2\xf2c\x8a\xec\x8do\xa5\x9d\xa7\xc1D\xb3\xa1$[+5!\n\x0el:\xb2\x1e\xea#\xa4\xde#\xf2q\x8a\b\"\x8f\x12d\x8a\xf5\xb2\x9f\x91\xdb\"~z\xfa\x03M\xf1<_\xbf\x10k\x97\xa3\x00$\x84\xb4\xab\xbfqh\xc32\x183\xfe\xe63\x99\xad\x1e\xbb}\xd0{\xd7t\x8c\x83\x87\xf6\xd5\x04\xbf\xb9\x88,\x92\x8bA\x95\xba\xf7\xb85\xaap\x06\xe4\xb3\xd8\xb7Q\xec\xe4\x1f\xc8\x18\xbc^\xee\xe6\x972\xe2\x12\x91C\x00<,\x894\xb2\x04\x05\x04\xf7[y\n\xbf5\\Ag\xe5\xd8\xed?KF\xb6\'\xf0\xbb\x80:9\x00'/608, 0x14, '\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e<]\xb4Z', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x458)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r6, 0x0, 0x80, &(0x7f0000001d80)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000c0], 0x11, 0x0, &(0x7f00000000c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}]}, 0x108)
getresuid(0x0, 0x0, 0x0)
setuid(0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000040)={0x24, r7, 0x300, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xffffffe0}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x801)
sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r7, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r8}, @void}}}, 0x28}}, 0x0)
recvfrom$inet(r0, 0x0, 0x0, 0x720, 0x0, 0x0)

1.083182138s ago: executing program 0 (id=2112):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r1 = getpgrp(0x0)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ptrace$setregset(0x4205, r1, 0x202, &(0x7f0000000180)={&(0x7f0000000080)})
sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000023c0)={0x34c, 0x2e, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x119}, @nested={0x338, 0x11, 0x0, 0x1, [@nested={0x334, 0xcf, 0x0, 0x1, [@nested={0x32f, 0x146, 0x0, 0x1, [@generic="f5ef56146c91147563276660e594de86923b901b9c31b5127825f1868b4db9469c2df41906c1f5ee49", @typed={0x8, 0x124, 0x0, 0x0, @u32=0x7}, @nested={0x1f2, 0x6c, 0x0, 0x1, [@generic="8b82111c59f6", @nested={0x1d0, 0x10f, 0x0, 0x1, [@nested={0x1c9, 0x11b, 0x0, 0x1, [@generic="44e4ba7c0b0ff113b095b181686c69e6901606a6035b241060d1ba9b116c80da82d5b88cc6363112ecfcfe146d3396e45fbbf0a08b22fd28c11b96cceeebb143edb758f38e41e6198a4aac1b4f64403c0297fdc66d55feb17b3a47961e32432008a761d761630abd62e074f1aeda6ad0a673e1e2f1ef46c79d906ae0a1b56a1cb49371c5044e8535c676535532d332e91b4270db1184a76120ede03ed5473adf06033298dbeef6a61dc38f79dcbab66a59547791ab5c867c0e0244d06d7eeb09d3b84e9bad5626f647e62bd3f0", @typed={0x5, 0x6b, 0x0, 0x0, @str='\x00'}, @typed={0xc, 0x105, 0x0, 0x0, @u64=0xfffffffffffffffd}, @typed={0xc1, 0x82, 0x0, 0x0, @binary="9da6d2cfd0d56814fd84a9b4e09bfefb7e71aa6b1338a2f4b0bcf5b7da34e38272c0fb396e8da9fe6bafa86982b217883dc0a99d6f8cc8d02d65ac33bf40d09bc28a90cbe72d692943aa8ec74169b9f54f99da2135cef1a3b948b4bb65653d617abfa325b7ece7ef3a395ab715205e14add6497c4d4ccd9950c466a2121433263671d206265ab7a4afb86bcfc88d39c8da199e34acdfd9f19a20d74af1508d9ef7e25cbdbcb597005c8fd2c532208d87b50f917122d979574773357159"}, @generic="ea8e54f0deb6d4df4fed8cacb160ad53bc0360eeda91dd56", @typed={0x8, 0xb8, 0x0, 0x0, @pid}]}]}, @nested={0x4, 0xef}, @nested={0x4}, @typed={0x4, 0xfe}, @nested={0x4, 0x62}, @nested={0x4, 0x87}, @nested={0x4, 0x76}]}, @typed={0x5e, 0x65, 0x0, 0x0, @pid}, @generic="db89061eb9fbad2bf82b2a9418649da868c869b4397ab66e7f39863979f0bdf348067f0b5606ca8cdcb5b5080280648f010c688d62984d051b094fe343cb1fa22295cdcf66ca2b1cc8152ecb85f43f28d04aa546812ddb957608dc2f3b52e0e98745cc4aa9b20ab28754d0d7c05b9139d8ff8509fbe0d7d56d5710ea94b935782d99259af1a87cf89bcca8f33c9878df0b153753b7ccc2d3d65b5d8e92f7230c8b3b3d434ce7cd2f1e8dbf2cbfca3103a770996f13ed41af6f046964853f276bf8c18987b616eb8c1c752f52389cd54b7a7874ba1d9b4d2612518c8c3c9220ded49fd5ff56d71b5b5569f9421c6d", @typed={0x8, 0xb8, 0x0, 0x0, @u32=0xfffffff8}, @typed={0x8, 0x98, 0x0, 0x0, @fd=r2}]}]}]}]}, 0x34c}], 0x1, 0x0, 0x0, 0x84}, 0x300)

1.064136328s ago: executing program 1 (id=2113):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000580)=0x2)
sched_setaffinity(0x0, 0xfffffffffffffdc5, &(0x7f00000002c0)=0x800002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f00000292c0)=""/102400, 0x19000)
getpriority(0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={<r4=>0xffffffffffffffff}, 0x13f, 0x1}}, 0x20)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00'})
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000000)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000080), r4, 0x0, 0x3, 0x1}}, 0x20)
r6 = accept4(r2, 0x0, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, 0x0)
sendmsg$nl_route_sched_retired(r6, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
recvmmsg(r6, 0x0, 0x0, 0x2023, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/12], 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000190a01"], 0x20}}, 0x8004)
syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x4a8500)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18"], 0x0, 0x7de, 0x0, 0x0, 0x0, 0x1a}, 0x94)
r7 = socket(0x200000000000011, 0x2, 0xd)
bind$packet(r7, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r8, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r8, 0x4008af03, 0x0)

0s ago: executing program 3 (id=2114):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socket(0x25, 0x5, 0x4)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x49a6, 0x400, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x47f6, 0x9685, 0x0, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090504fb8d"], 0x0)

kernel console output (not intermixed with test programs):

d8 64 89 01 48
[  640.185752][T12585] RSP: 002b:00007f30eb645038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  640.185763][T12585] RAX: ffffffffffffffda RBX: 00007f30ea9e6090 RCX: 00007f30ea78f6c9
[  640.185770][T12585] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000005
[  640.185777][T12585] RBP: 00007f30ea811f91 R08: 0000000000000000 R09: 0000000000000000
[  640.185783][T12585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  640.185790][T12585] R13: 00007f30ea9e6128 R14: 00007f30ea9e6090 R15: 00007ffe06f71ce8
[  640.185805][T12585]  </TASK>
[  640.566514][    C0] vkms_vblank_simulate: vblank timer overrun
[  640.655714][  T778] usb 2-1: usb_control_msg returned -32
[  640.661394][  T778] usbtmc 2-1:16.0: can't read capabilities
[  640.903396][ T5817] usb 4-1: new full-speed USB device number 70 using dummy_hcd
[  641.045156][T12591] vivid-004: disconnect
[  641.388776][T12592] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1733'.
[  641.466895][ T5817] usb 4-1: unable to get BOS descriptor or descriptor too short
[  641.475850][ T5817] usb 4-1: not running at top speed; connect to a high speed hub
[  641.485598][ T5817] usb 4-1: config 129 has an invalid interface number: 135 but max is 0
[  641.495349][ T5817] usb 4-1: config 129 has an invalid interface number: 5 but max is 0
[  641.503596][ T5817] usb 4-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[  641.513270][ T5817] usb 4-1: config 129 has no interface number 0
[  641.519691][ T5817] usb 4-1: config 129 has no interface number 1
[  641.526395][ T5817] usb 4-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  641.539826][ T5817] usb 4-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[  641.551276][ T5817] usb 4-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[  641.564629][ T5817] usb 4-1: config 129 interface 135 has no altsetting 0
[  641.571762][ T5817] usb 4-1: config 129 interface 5 has no altsetting 0
[  641.582976][ T5817] usb 4-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.00
[  641.592346][ T5817] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  641.600525][ T5817] usb 4-1: Product: syz
[  641.604993][ T5817] usb 4-1: Manufacturer: syz
[  641.609661][ T5817] usb 4-1: SerialNumber: syz
[  641.707444][T12588] vivid-004: reconnect
[  641.857175][ T5817] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  641.865043][ T5817] usb 4-1: MIDIStreaming interface descriptor not found
[  642.018940][ T5817] usb 4-1: USB disconnect, device number 70
[  642.520854][ T5878] usb 2-1: USB disconnect, device number 57
[  642.857392][T12611] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1746'.
[  642.968907][ T5878] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  643.027580][T12612] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�x%�M�F�-����I'
[  643.039587][T12612] CPU: 0 UID: 0 PID: 12612 Comm: syz.3.1745 Not tainted syzkaller #0 PREEMPT(full) 
[  643.039612][T12612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  643.039625][T12612] Call Trace:
[  643.039632][T12612]  <TASK>
[  643.039640][T12612]  dump_stack_lvl+0x16c/0x1f0
[  643.039663][T12612]  sysfs_warn_dup+0x7f/0xa0
[  643.039680][T12612]  sysfs_do_create_link_sd+0x124/0x140
[  643.039696][T12612]  sysfs_create_link+0x61/0xc0
[  643.039710][T12612]  device_add+0x62c/0x1aa0
[  643.039726][T12612]  ? __pfx_device_add+0x10/0x10
[  643.039738][T12612]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  643.039754][T12612]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  643.039775][T12612]  wiphy_register+0x1eb0/0x2b20
[  643.039786][T12612]  ? netdev_run_todo+0x864/0x1320
[  643.039807][T12612]  ? __pfx_wiphy_register+0x10/0x10
[  643.039827][T12612]  ieee80211_register_hw+0x253d/0x4120
[  643.039845][T12612]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  643.039857][T12612]  ? __pfx___debug_object_init+0x10/0x10
[  643.039882][T12612]  ? find_held_lock+0x2b/0x80
[  643.039897][T12612]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  643.039911][T12612]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  643.039930][T12612]  ? __hrtimer_setup+0x176/0x280
[  643.039948][T12612]  mac80211_hwsim_new_radio+0x32d8/0x50b0
[  643.039973][T12612]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  643.039997][T12612]  ? __asan_memcpy+0x3c/0x60
[  643.040025][T12612]  hwsim_new_radio_nl+0xba2/0x1330
[  643.040041][T12612]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  643.040061][T12612]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  643.040073][T12612]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  643.040088][T12612]  genl_family_rcv_msg_doit+0x209/0x2f0
[  643.040101][T12612]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  643.040117][T12612]  ? bpf_lsm_capable+0x9/0x10
[  643.040129][T12612]  ? security_capable+0x7e/0x260
[  643.040146][T12612]  ? ns_capable+0xd7/0x110
[  643.040160][T12612]  genl_rcv_msg+0x55c/0x800
[  643.040173][T12612]  ? __pfx_genl_rcv_msg+0x10/0x10
[  643.040184][T12612]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  643.040205][T12612]  netlink_rcv_skb+0x158/0x420
[  643.040221][T12612]  ? __pfx_genl_rcv_msg+0x10/0x10
[  643.040233][T12612]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  643.040255][T12612]  ? netlink_deliver_tap+0x1ae/0xd30
[  643.040269][T12612]  ? __rcu_read_unlock+0x2bc/0x550
[  643.040283][T12612]  genl_rcv+0x28/0x40
[  643.040299][T12612]  netlink_unicast+0x5aa/0x870
[  643.040317][T12612]  ? __pfx_netlink_unicast+0x10/0x10
[  643.040338][T12612]  netlink_sendmsg+0x8c8/0xdd0
[  643.040356][T12612]  ? __pfx_netlink_sendmsg+0x10/0x10
[  643.040378][T12612]  ____sys_sendmsg+0xa98/0xc70
[  643.040389][T12612]  ? copy_msghdr_from_user+0x10a/0x160
[  643.040404][T12612]  ? __pfx_____sys_sendmsg+0x10/0x10
[  643.040418][T12612]  ? __pfx_futex_wake_mark+0x10/0x10
[  643.040433][T12612]  ___sys_sendmsg+0x134/0x1d0
[  643.040446][T12612]  ? futex_private_hash_put+0x176/0x300
[  643.040463][T12612]  ? __pfx____sys_sendmsg+0x10/0x10
[  643.040476][T12612]  ? __lock_acquire+0x622/0x1c90
[  643.040512][T12612]  __sys_sendmsg+0x16d/0x220
[  643.040527][T12612]  ? __pfx___sys_sendmsg+0x10/0x10
[  643.040541][T12612]  ? __x64_sys_futex+0x1e0/0x4c0
[  643.040561][T12612]  do_syscall_64+0xcd/0xfa0
[  643.040573][T12612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  643.040584][T12612] RIP: 0033:0x7f8b7338f6c9
[  643.040594][T12612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  643.040604][T12612] RSP: 002b:00007f8b74169038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  643.040616][T12612] RAX: ffffffffffffffda RBX: 00007f8b735e6090 RCX: 00007f8b7338f6c9
[  643.040623][T12612] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000006
[  643.040631][T12612] RBP: 00007f8b73411f91 R08: 0000000000000000 R09: 0000000000000000
[  643.040638][T12612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  643.040644][T12612] R13: 00007f8b735e6128 R14: 00007f8b735e6090 R15: 00007fff9f4d65b8
[  643.040660][T12612]  </TASK>
[  643.434045][    C0] vkms_vblank_simulate: vblank timer overrun
[  643.966746][ T5878] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  644.027558][ T5878] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  644.054945][ T5878] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  644.089675][ T5878] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  644.105114][ T5878] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  645.142493][ T5878] usb 2-1: config 0 descriptor??
[  645.875801][   T30] audit: type=1804 audit(1762532582.735:803): pid=12633 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.1752" name="/newroot/366/file0" dev="tmpfs" ino=1966 res=1 errno=0
[  646.450566][ T5878] usbhid 2-1:0.0: can't add hid device: -71
[  646.456589][ T5886] usb 3-1: new full-speed USB device number 57 using dummy_hcd
[  646.539063][ T5878] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  646.548575][  T778] IPVS: starting estimator thread 0...
[  646.571106][ T5878] usb 2-1: USB disconnect, device number 58
[  646.600684][ T5817] usb 1-1: new full-speed USB device number 54 using dummy_hcd
[  646.749822][T12641] IPVS: using max 50 ests per chain, 120000 per kthread
[  646.968813][ T5886] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  646.980021][ T5886] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  646.998486][ T5817] usb 1-1: unable to get BOS descriptor or descriptor too short
[  647.006900][ T5886] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  647.016464][ T5886] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  647.049488][ T5817] usb 1-1: not running at top speed; connect to a high speed hub
[  647.058710][ T5817] usb 1-1: config 129 has an invalid interface number: 135 but max is 0
[  647.067916][ T5817] usb 1-1: config 129 has an invalid interface number: 5 but max is 0
[  647.076532][ T5817] usb 1-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[  647.085907][ T5817] usb 1-1: config 129 has no interface number 0
[  647.092449][ T5817] usb 1-1: config 129 has no interface number 1
[  647.099554][ T5817] usb 1-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  647.114024][ T5817] usb 1-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[  647.136116][ T5817] usb 1-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[  647.149722][ T5817] usb 1-1: config 129 interface 135 has no altsetting 0
[  647.157663][ T5817] usb 1-1: config 129 interface 5 has no altsetting 0
[  647.196552][ T5817] usb 1-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.00
[  647.228240][ T5817] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  647.238990][ T5817] usb 1-1: Product: syz
[  647.244004][ T5817] usb 1-1: Manufacturer: syz
[  647.250330][ T5817] usb 1-1: SerialNumber: syz
[  647.276490][ T5886] usb 3-1: usb_control_msg returned -32
[  647.290744][ T5886] usbtmc 3-1:16.0: can't read capabilities
[  647.300812][  T778] usb 4-1: new full-speed USB device number 71 using dummy_hcd
[  647.502703][  T778] usb 4-1: unable to get BOS descriptor or descriptor too short
[  647.536410][  T778] usb 4-1: not running at top speed; connect to a high speed hub
[  647.562887][T12655] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1757'.
[  647.583189][  T778] usb 4-1: config 129 has an invalid interface number: 135 but max is 0
[  647.597175][  T778] usb 4-1: config 129 has an invalid interface number: 5 but max is 0
[  647.608167][ T5817] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  647.616965][ T5817] usb 1-1: MIDIStreaming interface descriptor not found
[  647.623990][  T778] usb 4-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[  647.647813][  T778] usb 4-1: config 129 has no interface number 0
[  647.659448][T12657] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1753'.
[  647.694355][ T5817] usb 1-1: USB disconnect, device number 54
[  647.714670][  T778] usb 4-1: config 129 has no interface number 1
[  647.793848][  T778] usb 4-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  648.057916][  T778] usb 4-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[  648.105052][  T778] usb 4-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[  648.139906][  T778] usb 4-1: config 129 interface 135 has no altsetting 0
[  648.165449][  T778] usb 4-1: config 129 interface 5 has no altsetting 0
[  648.205613][  T778] usb 4-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.00
[  648.215113][  T778] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  648.224747][  T778] usb 4-1: Product: syz
[  648.243169][  T778] usb 4-1: Manufacturer: syz
[  648.292963][  T778] usb 4-1: SerialNumber: syz
[  648.593400][  T778] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  648.601689][  T778] usb 4-1: MIDIStreaming interface descriptor not found
[  648.662762][  T778] usb 4-1: USB disconnect, device number 71
[  648.794308][ T5878] usb 3-1: USB disconnect, device number 57
[  649.008361][T12669] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1760'.
[  649.110006][T12676] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1762'.
[  649.639231][T12689] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�x%�M�F�-����I'
[  649.652118][T12689] CPU: 0 UID: 0 PID: 12689 Comm: syz.1.1765 Not tainted syzkaller #0 PREEMPT(full) 
[  649.652144][T12689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  649.652156][T12689] Call Trace:
[  649.652164][T12689]  <TASK>
[  649.652172][T12689]  dump_stack_lvl+0x16c/0x1f0
[  649.652208][T12689]  sysfs_warn_dup+0x7f/0xa0
[  649.652233][T12689]  sysfs_do_create_link_sd+0x124/0x140
[  649.652253][T12689]  sysfs_create_link+0x61/0xc0
[  649.652272][T12689]  device_add+0x62c/0x1aa0
[  649.652293][T12689]  ? __pfx_device_add+0x10/0x10
[  649.652310][T12689]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  649.652332][T12689]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  649.652359][T12689]  wiphy_register+0x1eb0/0x2b20
[  649.652374][T12689]  ? netdev_run_todo+0x864/0x1320
[  649.652402][T12689]  ? __pfx_wiphy_register+0x10/0x10
[  649.652429][T12689]  ieee80211_register_hw+0x253d/0x4120
[  649.652455][T12689]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  649.652470][T12689]  ? __pfx___debug_object_init+0x10/0x10
[  649.652498][T12689]  ? __hrtimer_setup+0xd0/0x280
[  649.652513][T12689]  ? __hrtimer_setup+0x176/0x280
[  649.652531][T12689]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  649.652552][T12689]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  649.652567][T12689]  ? __hrtimer_setup+0x176/0x280
[  649.652585][T12689]  mac80211_hwsim_new_radio+0x32d8/0x50b0
[  649.652619][T12689]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  649.652640][T12689]  ? __asan_memcpy+0x3c/0x60
[  649.652666][T12689]  hwsim_new_radio_nl+0xba2/0x1330
[  649.652688][T12689]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  649.652715][T12689]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  649.652731][T12689]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  649.652751][T12689]  genl_family_rcv_msg_doit+0x209/0x2f0
[  649.652767][T12689]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  649.652789][T12689]  ? bpf_lsm_capable+0x9/0x10
[  649.652810][T12689]  ? security_capable+0x7e/0x260
[  649.652833][T12689]  ? ns_capable+0xd7/0x110
[  649.652852][T12689]  genl_rcv_msg+0x55c/0x800
[  649.652869][T12689]  ? __pfx_genl_rcv_msg+0x10/0x10
[  649.652885][T12689]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  649.652911][T12689]  ? __lock_acquire+0x622/0x1c90
[  649.652939][T12689]  netlink_rcv_skb+0x158/0x420
[  649.652962][T12689]  ? __pfx_genl_rcv_msg+0x10/0x10
[  649.652978][T12689]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  649.653008][T12689]  ? netlink_deliver_tap+0x1ae/0xd30
[  649.653031][T12689]  genl_rcv+0x28/0x40
[  649.653051][T12689]  netlink_unicast+0x5aa/0x870
[  649.653075][T12689]  ? __pfx_netlink_unicast+0x10/0x10
[  649.653105][T12689]  netlink_sendmsg+0x8c8/0xdd0
[  649.653130][T12689]  ? __pfx_netlink_sendmsg+0x10/0x10
[  649.653155][T12689]  ? ____sys_sendmsg+0x871/0xc70
[  649.653172][T12689]  ____sys_sendmsg+0xa98/0xc70
[  649.653187][T12689]  ? copy_msghdr_from_user+0x10a/0x160
[  649.653208][T12689]  ? __pfx_____sys_sendmsg+0x10/0x10
[  649.653228][T12689]  ? __pfx_futex_wake_mark+0x10/0x10
[  649.653249][T12689]  ___sys_sendmsg+0x134/0x1d0
[  649.653266][T12689]  ? futex_private_hash_put+0x176/0x300
[  649.653289][T12689]  ? __pfx____sys_sendmsg+0x10/0x10
[  649.653307][T12689]  ? __lock_acquire+0x622/0x1c90
[  649.653358][T12689]  __sys_sendmsg+0x16d/0x220
[  649.653377][T12689]  ? __pfx___sys_sendmsg+0x10/0x10
[  649.653396][T12689]  ? __x64_sys_futex+0x1e0/0x4c0
[  649.653428][T12689]  do_syscall_64+0xcd/0xfa0
[  649.653445][T12689]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  649.653460][T12689] RIP: 0033:0x7f013858f6c9
[  649.653472][T12689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  649.653487][T12689] RSP: 002b:00007f013663c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  649.653503][T12689] RAX: ffffffffffffffda RBX: 00007f01387e6090 RCX: 00007f013858f6c9
[  649.653513][T12689] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000006
[  649.653522][T12689] RBP: 00007f0138611f91 R08: 0000000000000000 R09: 0000000000000000
[  649.653530][T12689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  649.653539][T12689] R13: 00007f01387e6128 R14: 00007f01387e6090 R15: 00007ffd0ba6ee88
[  649.653562][T12689]  </TASK>
[  650.054828][    C0] vkms_vblank_simulate: vblank timer overrun
[  650.233565][T12692] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1766'.
[  650.946278][T12703] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1768'.
[  651.293834][T12709] overlayfs: failed to resolve './file1': -2
[  652.409031][ T5886] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  652.605932][T12729] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�x%�M�F�-����I'
[  652.617977][T12729] CPU: 0 UID: 0 PID: 12729 Comm: syz.4.1776 Not tainted syzkaller #0 PREEMPT(full) 
[  652.618005][T12729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  652.618016][T12729] Call Trace:
[  652.618024][T12729]  <TASK>
[  652.618032][T12729]  dump_stack_lvl+0x16c/0x1f0
[  652.618066][T12729]  sysfs_warn_dup+0x7f/0xa0
[  652.618091][T12729]  sysfs_do_create_link_sd+0x124/0x140
[  652.618116][T12729]  sysfs_create_link+0x61/0xc0
[  652.618140][T12729]  device_add+0x62c/0x1aa0
[  652.618166][T12729]  ? __pfx_device_add+0x10/0x10
[  652.618186][T12729]  ? __sanitizer_cov_trace_pc+0x66/0x70
[  652.618220][T12729]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  652.618255][T12729]  wiphy_register+0x1eb0/0x2b20
[  652.618284][T12729]  ? __pfx_wiphy_register+0x10/0x10
[  652.618311][T12729]  ? ieee80211_register_hw+0x22d9/0x4120
[  652.618335][T12729]  ieee80211_register_hw+0x253d/0x4120
[  652.618365][T12729]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  652.618383][T12729]  ? __pfx___debug_object_init+0x10/0x10
[  652.618414][T12729]  ? find_held_lock+0x2b/0x80
[  652.618436][T12729]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  652.618459][T12729]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  652.618477][T12729]  ? __hrtimer_setup+0x176/0x280
[  652.618510][T12729]  mac80211_hwsim_new_radio+0x32d8/0x50b0
[  652.618553][T12729]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  652.618582][T12729]  ? __asan_memcpy+0x3c/0x60
[  652.618616][T12729]  hwsim_new_radio_nl+0xba2/0x1330
[  652.618646][T12729]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  652.618684][T12729]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  652.618703][T12729]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  652.618727][T12729]  genl_family_rcv_msg_doit+0x209/0x2f0
[  652.618748][T12729]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  652.618779][T12729]  ? genl_rcv_msg+0x442/0x800
[  652.618801][T12729]  genl_rcv_msg+0x55c/0x800
[  652.618824][T12729]  ? __pfx_genl_rcv_msg+0x10/0x10
[  652.618843][T12729]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  652.618873][T12729]  ? __lock_acquire+0x622/0x1c90
[  652.618907][T12729]  netlink_rcv_skb+0x158/0x420
[  652.618934][T12729]  ? __pfx_genl_rcv_msg+0x10/0x10
[  652.618955][T12729]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  652.618994][T12729]  ? netlink_deliver_tap+0x1ae/0xd30
[  652.619026][T12729]  genl_rcv+0x28/0x40
[  652.619053][T12729]  netlink_unicast+0x5aa/0x870
[  652.619085][T12729]  ? __pfx_netlink_unicast+0x10/0x10
[  652.619124][T12729]  netlink_sendmsg+0x8c8/0xdd0
[  652.619156][T12729]  ? __pfx_netlink_sendmsg+0x10/0x10
[  652.619195][T12729]  ____sys_sendmsg+0xa98/0xc70
[  652.619215][T12729]  ? copy_msghdr_from_user+0x10a/0x160
[  652.619240][T12729]  ? __pfx_____sys_sendmsg+0x10/0x10
[  652.619266][T12729]  ? __pfx_futex_wake_mark+0x10/0x10
[  652.619289][T12729]  ___sys_sendmsg+0x134/0x1d0
[  652.619308][T12729]  ? futex_private_hash_put+0x176/0x300
[  652.619336][T12729]  ? __pfx____sys_sendmsg+0x10/0x10
[  652.619359][T12729]  ? __lock_acquire+0x622/0x1c90
[  652.619422][T12729]  __sys_sendmsg+0x16d/0x220
[  652.619447][T12729]  ? __pfx___sys_sendmsg+0x10/0x10
[  652.619471][T12729]  ? __x64_sys_futex+0x1e0/0x4c0
[  652.619515][T12729]  do_syscall_64+0xcd/0xfa0
[  652.619537][T12729]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.619556][T12729] RIP: 0033:0x7f30ea78f6c9
[  652.619574][T12729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  652.619592][T12729] RSP: 002b:00007f30eb5b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  652.619610][T12729] RAX: ffffffffffffffda RBX: 00007f30ea9e6090 RCX: 00007f30ea78f6c9
[  652.619624][T12729] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000006
[  652.619635][T12729] RBP: 00007f30ea811f91 R08: 0000000000000000 R09: 0000000000000000
[  652.619646][T12729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  652.619656][T12729] R13: 00007f30ea9e6128 R14: 00007f30ea9e6090 R15: 00007ffe06f71ce8
[  652.619685][T12729]  </TASK>
[  653.001984][    C0] vkms_vblank_simulate: vblank timer overrun
[  653.336522][T12731] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  653.510978][ T5886] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  653.520917][ T5886] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  653.996828][ T5886] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  654.008417][ T5886] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 0
[  654.018694][ T5886] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 28
[  654.036788][ T5886] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0017, bcdDevice=2f.a3
[  654.046002][ T5886] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  654.054098][ T5886] usb 1-1: Product: syz
[  654.058544][ T5886] usb 1-1: Manufacturer: syz
[  654.063325][ T5886] usb 1-1: SerialNumber: syz
[  654.089764][ T5886] usb 1-1: config 0 descriptor??
[  654.102357][ T5886] kvaser_usb 1-1:0.0: error -EMSGSIZE: Cannot get software info
[  654.258234][  T778] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  654.689415][ T5871] usb 2-1: new full-speed USB device number 59 using dummy_hcd
[  654.722646][ T5886] kvaser_usb 1-1:0.0: probe with driver kvaser_usb failed with error -90
[  654.805670][  T778] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  654.821200][  T778] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  654.935170][T12748] overlayfs: failed to resolve './file1': -2
[  655.122409][  T778] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  655.145704][  T778] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 28
[  655.170632][ T5871] usb 2-1: unable to get BOS descriptor or descriptor too short
[  655.204320][ T5886] usb 1-1: USB disconnect, device number 55
[  655.210075][ T5871] usb 2-1: not running at top speed; connect to a high speed hub
[  655.230585][  T778] usb 5-1: New USB device found, idVendor=0bfd, idProduct=0017, bcdDevice=2f.a3
[  655.241991][  T778] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  655.254471][ T5871] usb 2-1: config 129 has an invalid interface number: 135 but max is 0
[  655.266207][  T778] usb 5-1: Product: syz
[  655.270469][ T5871] usb 2-1: config 129 has an invalid interface number: 5 but max is 0
[  655.278903][  T778] usb 5-1: Manufacturer: syz
[  655.283476][  T778] usb 5-1: SerialNumber: syz
[  655.288163][ T5871] usb 2-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[  655.298123][ T5871] usb 2-1: config 129 has no interface number 0
[  655.304775][  T778] usb 5-1: config 0 descriptor??
[  655.309855][ T5871] usb 2-1: config 129 has no interface number 1
[  655.321346][ T5871] usb 2-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  655.335321][  T778] kvaser_usb 5-1:0.0: error -ENODEV: Cannot get usb endpoint(s)
[  655.343396][ T5871] usb 2-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[  655.362482][T12755] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1783'.
[  655.372829][ T5871] usb 2-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[  655.386246][ T5871] usb 2-1: config 129 interface 135 has no altsetting 0
[  655.393622][ T5871] usb 2-1: config 129 interface 5 has no altsetting 0
[  655.413121][ T5871] usb 2-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.00
[  655.422681][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  655.509071][  T978] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  655.530453][ T5871] usb 2-1: Product: syz
[  655.538936][ T5871] usb 2-1: Manufacturer: syz
[  655.543678][ T5871] usb 2-1: SerialNumber: syz
[  655.652538][  T778] usb 5-1: USB disconnect, device number 50
[  655.690732][  T978] usb 3-1: Using ep0 maxpacket: 8
[  655.703975][  T978] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  655.729150][  T978] usb 3-1: config 179 has no interface number 0
[  655.745826][  T978] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  655.846147][  T978] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  655.979849][  T978] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  656.223489][  T978] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  656.238824][  T978] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  656.253970][  T978] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  656.728418][  T978] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.747388][T12754] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  656.769123][ T5871] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  656.779391][ T5871] usb 2-1: MIDIStreaming interface descriptor not found
[  656.873919][ T5871] usb 2-1: USB disconnect, device number 59
[  657.000849][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  657.760305][ T5886] usb 3-1: USB disconnect, device number 58
[  657.766385][    C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  657.766434][    C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  658.308221][T12788] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1791'.
[  658.521808][T12789] KVM: debugfs: duplicate directory 12789-8
[  658.640955][ T5886] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  658.814141][T12792] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1795'.
[  658.825924][ T5886] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  658.844505][ T5886] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  658.885198][ T5886] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  658.909745][ T5886] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  658.923850][ T5886] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  658.952130][ T5886] usb 1-1: config 0 descriptor??
[  659.588382][ T5886] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  659.598312][T12799] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1796'.
[  659.904923][ T5813] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  660.559023][T12805] netlink: 'syz.3.1799': attribute type 8 has an invalid length.
[  661.346160][   T10] usb 5-1: new full-speed USB device number 51 using dummy_hcd
[  661.463738][  T978] usb 1-1: reset high-speed USB device number 56 using dummy_hcd
[  661.509437][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[  661.528996][   T10] usb 5-1: not running at top speed; connect to a high speed hub
[  661.558036][   T10] usb 5-1: config 129 has an invalid interface number: 135 but max is 0
[  661.584420][   T10] usb 5-1: config 129 has an invalid interface number: 5 but max is 0
[  661.587747][T12831] netlink: 'syz.2.1806': attribute type 8 has an invalid length.
[  661.752822][   T10] usb 5-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[  661.793899][   T10] usb 5-1: config 129 has no interface number 0
[  661.800438][   T10] usb 5-1: config 129 has no interface number 1
[  661.899770][   T10] usb 5-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  661.921000][   T10] usb 5-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[  661.934422][   T10] usb 5-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[  661.953843][   T10] usb 5-1: config 129 interface 135 has no altsetting 0
[  661.960909][   T10] usb 5-1: config 129 interface 5 has no altsetting 0
[  662.305817][   T30] audit: type=1804 audit(1762532597.982:804): pid=12838 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.1807" name="/newroot/381/file0" dev="tmpfs" ino=2046 res=1 errno=0
[  662.369757][   T10] usb 5-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.00
[  662.443016][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  662.452847][   T10] usb 5-1: Product: syz
[  662.461846][   T10] usb 5-1: Manufacturer: syz
[  662.468165][   T10] usb 5-1: SerialNumber: syz
[  662.811982][ T5886] usb 1-1: USB disconnect, device number 56
[  662.861713][T12847] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1811'.
[  663.321609][   T10] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  663.345238][   T10] usb 5-1: MIDIStreaming interface descriptor not found
[  663.972651][   T10] usb 5-1: USB disconnect, device number 51
[  664.007760][   T30] audit: type=1804 audit(1762532599.619:805): pid=12859 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.1814" name="/newroot/327/file0" dev="tmpfs" ino=1736 res=1 errno=0
[  664.075143][ T5886] usb 3-1: new full-speed USB device number 59 using dummy_hcd
[  664.138811][T12862] netlink: 'syz.3.1815': attribute type 8 has an invalid length.
[  664.373445][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 10
[  664.386871][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 141, setting to 64
[  664.394804][T12868] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1817'.
[  664.398736][ T5886] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  664.921821][   T30] audit: type=1804 audit(1762532600.414:806): pid=12869 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.1816" name="/newroot/357/file0" dev="tmpfs" ino=1894 res=1 errno=0
[  664.948770][ T5886] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  664.971166][ T5886] usb 3-1: config 0 descriptor??
[  664.985045][T12853] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  665.047984][   T30] audit: type=1400 audit(1762532600.629:807): avc:  denied  { write } for  pid=12871 comm="syz.3.1818" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  665.075165][   T30] audit: type=1400 audit(1762532600.629:808): avc:  denied  { open } for  pid=12871 comm="syz.3.1818" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  665.305343][T12883] /dev/nullb0: Can't open blockdev
[  665.879579][T12881] xt_TCPMSS: Only works on TCP SYN packets
[  666.090472][  T778] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  666.097051][ T5886] ath6kl: Failed to submit usb control message: -71
[  666.366737][T10100] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[  666.375823][ T5886] ath6kl: unable to send the bmi data to the device: -71
[  666.383107][ T5886] ath6kl: Unable to send get target info: -71
[  666.395951][  T778] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  666.407903][  T778] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  666.419353][ T5886] ath6kl: Failed to init ath6kl core: -71
[  666.422905][  T778] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  666.434091][ T5886] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71
[  666.457896][ T5886] usb 3-1: USB disconnect, device number 59
[  666.471293][  T778] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  666.495331][  T778] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  666.517039][  T778] usb 1-1: Product: syz
[  666.522563][  T778] usb 1-1: Manufacturer: syz
[  666.527559][  T778] usb 1-1: SerialNumber: syz
[  666.538744][  T778] usb 1-1: config 0 descriptor??
[  666.545360][T12879] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  666.589363][T10100] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  666.601169][T10100] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  666.654049][T10100] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  666.675619][T10100] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 0
[  666.695711][T10100] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 28
[  666.697987][T12890] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1825'.
[  666.710768][T10100] usb 2-1: New USB device found, idVendor=0bfd, idProduct=0017, bcdDevice=2f.a3
[  666.728658][T10100] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  666.747569][T10100] usb 2-1: Product: syz
[  666.751880][T10100] usb 2-1: Manufacturer: syz
[  666.758276][T10100] usb 2-1: SerialNumber: syz
[  666.767392][T10100] usb 2-1: config 0 descriptor??
[  666.772572][T12879] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  666.796857][T10100] kvaser_usb 2-1:0.0: error -EMSGSIZE: Cannot get software info
[  666.806686][T10100] kvaser_usb 2-1:0.0: probe with driver kvaser_usb failed with error -90
[  667.055382][T12895] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1826'.
[  667.951397][  T778] usb 2-1: USB disconnect, device number 60
[  667.982188][T12906] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1830'.
[  668.759154][T10100] usb 1-1: USB disconnect, device number 57
[  668.958744][  T778] usb 4-1: new full-speed USB device number 72 using dummy_hcd
[  669.624846][  T778] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 10
[  669.673781][  T778] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 141, setting to 64
[  669.706917][  T778] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  669.720253][  T778] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.733120][  T778] usb 4-1: config 0 descriptor??
[  669.739196][T12916] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  669.941701][T12932] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1837'.
[  669.967027][  T778] ath6kl: Failed to submit usb control message: -71
[  669.980717][  T778] ath6kl: unable to send the bmi data to the device: -71
[  669.988673][  T778] ath6kl: Unable to send get target info: -71
[  669.994888][T10100] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[  670.008367][  T778] ath6kl: Failed to init ath6kl core: -71
[  670.016503][  T778] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[  670.045427][  T778] usb 4-1: USB disconnect, device number 72
[  670.210506][T10100] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  670.223286][T10100] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  670.234722][T10100] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  670.253924][T10100] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  670.264351][T10100] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  670.272528][T10100] usb 2-1: Product: syz
[  670.277253][T10100] usb 2-1: Manufacturer: syz
[  670.281962][T10100] usb 2-1: SerialNumber: syz
[  670.291082][T10100] usb 2-1: config 0 descriptor??
[  670.296830][T12928] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  670.411719][   T10] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  670.422399][ T5871] usb 1-1: new full-speed USB device number 58 using dummy_hcd
[  670.525270][T12928] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  670.577473][   T10] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  670.631131][ T5871] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 10
[  670.642305][ T5871] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 141, setting to 64
[  670.656530][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  670.669528][ T5871] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  670.678739][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  670.690230][ T5871] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  670.702830][   T10] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  670.712221][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  670.721011][ T5871] usb 1-1: config 0 descriptor??
[  670.854706][   T10] usb 5-1: Product: syz
[  670.859053][   T10] usb 5-1: Manufacturer: syz
[  670.868768][   T10] usb 5-1: SerialNumber: syz
[  671.454161][T12936] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  671.479947][   T10] usb 5-1: config 0 descriptor??
[  671.485858][T12938] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  671.780635][T12938] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  671.835001][ T5871] ath6kl: Failed to submit usb control message: -71
[  671.841698][ T5871] ath6kl: unable to send the bmi data to the device: -71
[  671.877542][ T5871] ath6kl: Unable to send get target info: -71
[  671.982330][T12956] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�x%�M�F�-����I'
[  672.379029][ T5871] ath6kl: Failed to init ath6kl core: -71
[  672.396316][ T5871] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  672.421173][T10100] usb 2-1: USB disconnect, device number 61
[  672.423964][ T5871] usb 1-1: USB disconnect, device number 58
[  672.444471][T12956] CPU: 0 UID: 0 PID: 12956 Comm: syz.3.1843 Not tainted syzkaller #0 PREEMPT(full) 
[  672.444491][T12956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  672.444499][T12956] Call Trace:
[  672.444506][T12956]  <TASK>
[  672.444515][T12956]  dump_stack_lvl+0x16c/0x1f0
[  672.444546][T12956]  sysfs_warn_dup+0x7f/0xa0
[  672.444563][T12956]  sysfs_do_create_link_sd+0x124/0x140
[  672.444581][T12956]  sysfs_create_link+0x61/0xc0
[  672.444595][T12956]  device_add+0x62c/0x1aa0
[  672.444612][T12956]  ? __pfx_device_add+0x10/0x10
[  672.444625][T12956]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  672.444640][T12956]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  672.444666][T12956]  wiphy_register+0x1eb0/0x2b20
[  672.444678][T12956]  ? netdev_run_todo+0x864/0x1320
[  672.444699][T12956]  ? __pfx_wiphy_register+0x10/0x10
[  672.444719][T12956]  ieee80211_register_hw+0x253d/0x4120
[  672.444739][T12956]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  672.444752][T12956]  ? __pfx___debug_object_init+0x10/0x10
[  672.444774][T12956]  ? find_held_lock+0x2b/0x80
[  672.444791][T12956]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  672.444807][T12956]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  672.444820][T12956]  ? __hrtimer_setup+0x176/0x280
[  672.444834][T12956]  mac80211_hwsim_new_radio+0x32d8/0x50b0
[  672.444858][T12956]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  672.444875][T12956]  ? __asan_memcpy+0x3c/0x60
[  672.444895][T12956]  hwsim_new_radio_nl+0xba2/0x1330
[  672.444915][T12956]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  672.444936][T12956]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  672.444948][T12956]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  672.444963][T12956]  genl_family_rcv_msg_doit+0x209/0x2f0
[  672.444975][T12956]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  672.444992][T12956]  ? bpf_lsm_capable+0x9/0x10
[  672.445004][T12956]  ? security_capable+0x7e/0x260
[  672.445022][T12956]  ? ns_capable+0xd7/0x110
[  672.445037][T12956]  genl_rcv_msg+0x55c/0x800
[  672.445049][T12956]  ? __pfx_genl_rcv_msg+0x10/0x10
[  672.445061][T12956]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  672.445078][T12956]  ? __lock_acquire+0x622/0x1c90
[  672.445097][T12956]  netlink_rcv_skb+0x158/0x420
[  672.445113][T12956]  ? __pfx_genl_rcv_msg+0x10/0x10
[  672.445124][T12956]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  672.445146][T12956]  ? netlink_deliver_tap+0x1ae/0xd30
[  672.445164][T12956]  genl_rcv+0x28/0x40
[  672.445180][T12956]  netlink_unicast+0x5aa/0x870
[  672.445198][T12956]  ? __pfx_netlink_unicast+0x10/0x10
[  672.445220][T12956]  netlink_sendmsg+0x8c8/0xdd0
[  672.445239][T12956]  ? __pfx_netlink_sendmsg+0x10/0x10
[  672.445261][T12956]  ____sys_sendmsg+0xa98/0xc70
[  672.445274][T12956]  ? copy_msghdr_from_user+0x10a/0x160
[  672.445289][T12956]  ? __pfx_____sys_sendmsg+0x10/0x10
[  672.445307][T12956]  ___sys_sendmsg+0x134/0x1d0
[  672.445320][T12956]  ? futex_private_hash_put+0x176/0x300
[  672.445338][T12956]  ? __pfx____sys_sendmsg+0x10/0x10
[  672.445351][T12956]  ? __lock_acquire+0x622/0x1c90
[  672.445387][T12956]  __sys_sendmsg+0x16d/0x220
[  672.445403][T12956]  ? __pfx___sys_sendmsg+0x10/0x10
[  672.445418][T12956]  ? __x64_sys_futex+0x1e0/0x4c0
[  672.445438][T12956]  do_syscall_64+0xcd/0xfa0
[  672.445450][T12956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.445463][T12956] RIP: 0033:0x7f8b7338f6c9
[  672.445474][T12956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  672.445485][T12956] RSP: 002b:00007f8b741fa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  672.445496][T12956] RAX: ffffffffffffffda RBX: 00007f8b735e6090 RCX: 00007f8b7338f6c9
[  672.445505][T12956] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000005
[  672.445514][T12956] RBP: 00007f8b73411f91 R08: 0000000000000000 R09: 0000000000000000
[  672.445524][T12956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  672.445533][T12956] R13: 00007f8b735e6128 R14: 00007f8b735e6090 R15: 00007fff9f4d65b8
[  672.445552][T12956]  </TASK>
[  672.832025][    C0] vkms_vblank_simulate: vblank timer overrun
[  672.887847][ T5886] usb 5-1: USB disconnect, device number 52
[  672.930866][T12960] xt_TCPMSS: Only works on TCP SYN packets
[  673.972105][T12972] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1845'.
[  673.981088][  T778] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  674.111270][T12975] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�x%�M�F�-����I'
[  674.158276][T12975] CPU: 0 UID: 0 PID: 12975 Comm: syz.1.1847 Not tainted syzkaller #0 PREEMPT(full) 
[  674.158307][T12975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  674.158318][T12975] Call Trace:
[  674.158326][T12975]  <TASK>
[  674.158336][T12975]  dump_stack_lvl+0x16c/0x1f0
[  674.158374][T12975]  sysfs_warn_dup+0x7f/0xa0
[  674.158401][T12975]  sysfs_do_create_link_sd+0x124/0x140
[  674.158428][T12975]  sysfs_create_link+0x61/0xc0
[  674.158454][T12975]  device_add+0x62c/0x1aa0
[  674.158482][T12975]  ? __pfx_device_add+0x10/0x10
[  674.158504][T12975]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  674.158531][T12975]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  674.158567][T12975]  wiphy_register+0x1eb0/0x2b20
[  674.158588][T12975]  ? netdev_run_todo+0x864/0x1320
[  674.158624][T12975]  ? __pfx_wiphy_register+0x10/0x10
[  674.158666][T12975]  ieee80211_register_hw+0x253d/0x4120
[  674.158699][T12975]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  674.158721][T12975]  ? __pfx___debug_object_init+0x10/0x10
[  674.158756][T12975]  ? find_held_lock+0x2b/0x80
[  674.158780][T12975]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  674.158805][T12975]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  674.158825][T12975]  ? __hrtimer_setup+0x176/0x280
[  674.158849][T12975]  mac80211_hwsim_new_radio+0x32d8/0x50b0
[  674.158893][T12975]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  674.158922][T12975]  ? __asan_memcpy+0x3c/0x60
[  674.158959][T12975]  hwsim_new_radio_nl+0xba2/0x1330
[  674.158988][T12975]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  674.159022][T12975]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  674.159043][T12975]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  674.159069][T12975]  genl_family_rcv_msg_doit+0x209/0x2f0
[  674.159091][T12975]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  674.159120][T12975]  ? bpf_lsm_capable+0x9/0x10
[  674.159140][T12975]  ? security_capable+0x7e/0x260
[  674.159171][T12975]  ? ns_capable+0xd7/0x110
[  674.159196][T12975]  genl_rcv_msg+0x55c/0x800
[  674.159216][T12975]  ? __pfx_genl_rcv_msg+0x10/0x10
[  674.159235][T12975]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  674.159264][T12975]  ? __lock_acquire+0x622/0x1c90
[  674.159297][T12975]  netlink_rcv_skb+0x158/0x420
[  674.159325][T12975]  ? __pfx_genl_rcv_msg+0x10/0x10
[  674.159345][T12975]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  674.159387][T12975]  ? netlink_deliver_tap+0x1ae/0xd30
[  674.159411][T12975]  ? netlink_unicast+0x51e/0x870
[  674.159441][T12975]  genl_rcv+0x28/0x40
[  674.159468][T12975]  netlink_unicast+0x5aa/0x870
[  674.159500][T12975]  ? __pfx_netlink_unicast+0x10/0x10
[  674.159538][T12975]  netlink_sendmsg+0x8c8/0xdd0
[  674.159571][T12975]  ? __pfx_netlink_sendmsg+0x10/0x10
[  674.159610][T12975]  ____sys_sendmsg+0xa98/0xc70
[  674.159631][T12975]  ? copy_msghdr_from_user+0x10a/0x160
[  674.159661][T12975]  ? __pfx_____sys_sendmsg+0x10/0x10
[  674.159687][T12975]  ? __pfx_futex_wake_mark+0x10/0x10
[  674.159714][T12975]  ___sys_sendmsg+0x134/0x1d0
[  674.159736][T12975]  ? futex_private_hash_put+0x176/0x300
[  674.159764][T12975]  ? __pfx____sys_sendmsg+0x10/0x10
[  674.159784][T12975]  ? __lock_acquire+0x622/0x1c90
[  674.159848][T12975]  __sys_sendmsg+0x16d/0x220
[  674.159874][T12975]  ? __pfx___sys_sendmsg+0x10/0x10
[  674.159899][T12975]  ? __x64_sys_futex+0x1e0/0x4c0
[  674.159936][T12975]  do_syscall_64+0xcd/0xfa0
[  674.159956][T12975]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  674.159974][T12975] RIP: 0033:0x7f013858f6c9
[  674.159991][T12975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  674.160010][T12975] RSP: 002b:00007f01367cd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  674.160029][T12975] RAX: ffffffffffffffda RBX: 00007f01387e6090 RCX: 00007f013858f6c9
[  674.160043][T12975] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000005
[  674.160055][T12975] RBP: 00007f0138611f91 R08: 0000000000000000 R09: 0000000000000000
[  674.160066][T12975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  674.160078][T12975] R13: 00007f01387e6128 R14: 00007f01387e6090 R15: 00007ffd0ba6ee88
[  674.160107][T12975]  </TASK>
[  674.557590][    C0] vkms_vblank_simulate: vblank timer overrun
[  674.636116][  T778] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  674.645894][  T778] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  674.655651][  T778] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  674.665421][  T778] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 0
[  674.675134][  T778] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 28
[  674.691707][  T778] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0017, bcdDevice=2f.a3
[  674.701389][  T778] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  674.709703][  T778] usb 1-1: Product: syz
[  674.713852][  T778] usb 1-1: Manufacturer: syz
[  674.718437][  T778] usb 1-1: SerialNumber: syz
[  674.726340][  T778] usb 1-1: config 0 descriptor??
[  674.733715][  T778] kvaser_usb 1-1:0.0: error -EMSGSIZE: Cannot get software info
[  674.741420][  T778] kvaser_usb 1-1:0.0: probe with driver kvaser_usb failed with error -90
[  674.903575][T12983] KVM: debugfs: duplicate directory 12983-8
[  675.070741][T10100] usb 1-1: USB disconnect, device number 59
[  675.706214][T12993] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1853'.
[  676.138890][T12997] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1856'.
[  676.473309][  T978] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[  676.938662][  T778] usb 1-1: new full-speed USB device number 60 using dummy_hcd
[  676.946684][   T30] audit: type=1804 audit(1762532611.723:809): pid=13008 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.1857" name="/newroot/393/file0" dev="tmpfs" ino=2109 res=1 errno=0
[  677.033698][  T978] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  677.062769][  T978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  677.078300][  T978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  677.101960][  T978] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  677.111175][  T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.119470][  T978] usb 4-1: Product: syz
[  677.123813][  T978] usb 4-1: Manufacturer: syz
[  677.129014][  T978] usb 4-1: SerialNumber: syz
[  677.248339][T13013] /dev/nullb0: Can't open blockdev
[  677.664671][  T978] usb 4-1: config 0 descriptor??
[  677.674772][T12998] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  677.702185][  T778] usb 1-1: unable to get BOS descriptor or descriptor too short
[  677.713615][ T5817] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  677.738972][  T778] usb 1-1: not running at top speed; connect to a high speed hub
[  677.947459][T12998] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  678.158245][  T778] usb 1-1: config 129 has an invalid interface number: 135 but max is 0
[  678.166868][  T778] usb 1-1: config 129 has an invalid interface number: 5 but max is 0
[  678.175256][  T778] usb 1-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[  678.185694][ T5817] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  678.197454][  T778] usb 1-1: config 129 has no interface number 0
[  678.203832][  T778] usb 1-1: config 129 has no interface number 1
[  678.229467][ T5817] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  678.243412][  T778] usb 1-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  678.256953][ T5817] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  678.276164][  T778] usb 1-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[  678.675619][  T778] usb 1-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[  678.690385][  T778] usb 1-1: config 129 interface 135 has no altsetting 0
[  678.697562][  T778] usb 1-1: config 129 interface 5 has no altsetting 0
[  678.704523][ T5817] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  678.725585][ T5817] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  678.738531][  T778] usb 1-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.00
[  678.752856][  T778] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  678.762720][ T5817] usb 3-1: Product: syz
[  678.767052][ T5817] usb 3-1: Manufacturer: syz
[  678.782668][ T5817] usb 3-1: SerialNumber: syz
[  678.787505][  T778] usb 1-1: Product: syz
[  678.791667][  T778] usb 1-1: Manufacturer: syz
[  678.798700][ T5817] usb 3-1: config 0 descriptor??
[  678.814579][  T778] usb 1-1: SerialNumber: syz
[  678.822754][T13010] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  679.045285][T13010] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  679.144654][T13033] overlayfs: failed to resolve './file1': -2
[  679.832982][ T5817] usb 3-1: USB disconnect, device number 60
[  680.016601][ T5871] usb 4-1: USB disconnect, device number 73
[  680.149636][T13041] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1867'.
[  680.482314][T10100] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  680.994476][T10100] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  681.021982][T10100] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  681.032847][T10100] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  681.043008][T10100] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 0
[  681.058143][T10100] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 28
[  681.084757][T10100] usb 5-1: New USB device found, idVendor=0bfd, idProduct=0017, bcdDevice=2f.a3
[  681.107663][T10100] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  681.205688][T10100] usb 5-1: Product: syz
[  681.226396][T10100] usb 5-1: Manufacturer: syz
[  681.282582][T10100] usb 5-1: SerialNumber: syz
[  681.322012][  T778] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  681.434795][T10100] usb 5-1: config 0 descriptor??
[  681.448210][  T778] usb 1-1: MIDIStreaming interface descriptor not found
[  681.462635][T10100] kvaser_usb 5-1:0.0: error -EMSGSIZE: Cannot get software info
[  681.474147][T10100] kvaser_usb 5-1:0.0: probe with driver kvaser_usb failed with error -90
[  681.704424][  T778] usb 1-1: USB disconnect, device number 60
[  681.770818][T10100] usb 5-1: USB disconnect, device number 53
[  681.954097][T13066] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�x%�M�F�-����I'
[  681.979432][T13066] CPU: 0 UID: 0 PID: 13066 Comm: syz.3.1872 Not tainted syzkaller #0 PREEMPT(full) 
[  681.979460][T13066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  681.979472][T13066] Call Trace:
[  681.979479][T13066]  <TASK>
[  681.979488][T13066]  dump_stack_lvl+0x16c/0x1f0
[  681.979514][T13066]  sysfs_warn_dup+0x7f/0xa0
[  681.979533][T13066]  sysfs_do_create_link_sd+0x124/0x140
[  681.979549][T13066]  sysfs_create_link+0x61/0xc0
[  681.979564][T13066]  device_add+0x62c/0x1aa0
[  681.979580][T13066]  ? __pfx_device_add+0x10/0x10
[  681.979593][T13066]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  681.979609][T13066]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  681.979630][T13066]  wiphy_register+0x1eb0/0x2b20
[  681.979641][T13066]  ? netdev_run_todo+0x864/0x1320
[  681.979664][T13066]  ? __pfx_wiphy_register+0x10/0x10
[  681.979685][T13066]  ieee80211_register_hw+0x253d/0x4120
[  681.979704][T13066]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  681.979716][T13066]  ? __pfx___debug_object_init+0x10/0x10
[  681.979736][T13066]  ? find_held_lock+0x2b/0x80
[  681.979751][T13066]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  681.979765][T13066]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  681.979777][T13066]  ? __hrtimer_setup+0x176/0x280
[  681.979791][T13066]  mac80211_hwsim_new_radio+0x32d8/0x50b0
[  681.979816][T13066]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  681.979832][T13066]  ? __asan_memcpy+0x3c/0x60
[  681.979851][T13066]  hwsim_new_radio_nl+0xba2/0x1330
[  681.979868][T13066]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  681.979888][T13066]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  681.979900][T13066]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  681.979915][T13066]  genl_family_rcv_msg_doit+0x209/0x2f0
[  681.979928][T13066]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  681.979944][T13066]  ? bpf_lsm_capable+0x9/0x10
[  681.979956][T13066]  ? security_capable+0x7e/0x260
[  681.979974][T13066]  ? ns_capable+0xd7/0x110
[  681.979989][T13066]  genl_rcv_msg+0x55c/0x800
[  681.980001][T13066]  ? __pfx_genl_rcv_msg+0x10/0x10
[  681.980013][T13066]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  681.980033][T13066]  netlink_rcv_skb+0x158/0x420
[  681.980049][T13066]  ? __pfx_genl_rcv_msg+0x10/0x10
[  681.980061][T13066]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  681.980083][T13066]  ? netlink_deliver_tap+0x1ae/0xd30
[  681.980100][T13066]  genl_rcv+0x28/0x40
[  681.980116][T13066]  netlink_unicast+0x5aa/0x870
[  681.980134][T13066]  ? __pfx_netlink_unicast+0x10/0x10
[  681.980149][T13066]  ? netlink_autobind.isra.0+0xa8/0x370
[  681.980170][T13066]  netlink_sendmsg+0x8c8/0xdd0
[  681.980189][T13066]  ? __pfx_netlink_sendmsg+0x10/0x10
[  681.980206][T13066]  ? security_socket_sendmsg+0x47/0x240
[  681.980223][T13066]  ? __sanitizer_cov_trace_pc+0x10/0x70
[  681.980239][T13066]  ____sys_sendmsg+0xa98/0xc70
[  681.980251][T13066]  ? copy_msghdr_from_user+0x10a/0x160
[  681.980266][T13066]  ? __pfx_____sys_sendmsg+0x10/0x10
[  681.980284][T13066]  ___sys_sendmsg+0x134/0x1d0
[  681.980297][T13066]  ? futex_private_hash_put+0x176/0x300
[  681.980314][T13066]  ? __pfx____sys_sendmsg+0x10/0x10
[  681.980332][T13066]  ? __lock_acquire+0x622/0x1c90
[  681.980382][T13066]  __sys_sendmsg+0x16d/0x220
[  681.980397][T13066]  ? __pfx___sys_sendmsg+0x10/0x10
[  681.980417][T13066]  ? __x64_sys_futex+0x1e0/0x4c0
[  681.980437][T13066]  do_syscall_64+0xcd/0xfa0
[  681.980451][T13066]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  681.980463][T13066] RIP: 0033:0x7f8b7338f6c9
[  681.980474][T13066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  681.980486][T13066] RSP: 002b:00007f8b741fa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  681.980498][T13066] RAX: ffffffffffffffda RBX: 00007f8b735e6090 RCX: 00007f8b7338f6c9
[  681.980506][T13066] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000005
[  681.980514][T13066] RBP: 00007f8b73411f91 R08: 0000000000000000 R09: 0000000000000000
[  681.980523][T13066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  681.980533][T13066] R13: 00007f8b735e6128 R14: 00007f8b735e6090 R15: 00007fff9f4d65b8
[  681.980562][T13066]  </TASK>
[  682.378388][    C0] vkms_vblank_simulate: vblank timer overrun
[  683.564242][T13079] overlayfs: failed to resolve './file1': -2
[  683.907457][T13084] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1878'.
[  684.206371][T13085] xt_TCPMSS: Only works on TCP SYN packets
[  685.133215][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  685.491106][T13104] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�x%�M�F�-����I'
[  685.503096][T13104] CPU: 0 UID: 0 PID: 13104 Comm: syz.0.1883 Not tainted syzkaller #0 PREEMPT(full) 
[  685.503123][T13104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  685.503131][T13104] Call Trace:
[  685.503136][T13104]  <TASK>
[  685.503142][T13104]  dump_stack_lvl+0x16c/0x1f0
[  685.503166][T13104]  sysfs_warn_dup+0x7f/0xa0
[  685.503183][T13104]  sysfs_do_create_link_sd+0x124/0x140
[  685.503199][T13104]  sysfs_create_link+0x61/0xc0
[  685.503214][T13104]  device_add+0x62c/0x1aa0
[  685.503231][T13104]  ? __pfx_device_add+0x10/0x10
[  685.503243][T13104]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  685.503259][T13104]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  685.503280][T13104]  wiphy_register+0x1eb0/0x2b20
[  685.503291][T13104]  ? netdev_run_todo+0x864/0x1320
[  685.503312][T13104]  ? __pfx_wiphy_register+0x10/0x10
[  685.503332][T13104]  ieee80211_register_hw+0x253d/0x4120
[  685.503351][T13104]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  685.503363][T13104]  ? __pfx___debug_object_init+0x10/0x10
[  685.503383][T13104]  ? find_held_lock+0x2b/0x80
[  685.503397][T13104]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  685.503413][T13104]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  685.503427][T13104]  ? __hrtimer_setup+0x176/0x280
[  685.503442][T13104]  mac80211_hwsim_new_radio+0x32d8/0x50b0
[  685.503467][T13104]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  685.503483][T13104]  ? __asan_memcpy+0x3c/0x60
[  685.503502][T13104]  hwsim_new_radio_nl+0xba2/0x1330
[  685.503519][T13104]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  685.503539][T13104]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  685.503551][T13104]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  685.503566][T13104]  genl_family_rcv_msg_doit+0x209/0x2f0
[  685.503578][T13104]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  685.503594][T13104]  ? bpf_lsm_capable+0x9/0x10
[  685.503607][T13104]  ? security_capable+0x7e/0x260
[  685.503623][T13104]  ? ns_capable+0xd7/0x110
[  685.503638][T13104]  genl_rcv_msg+0x55c/0x800
[  685.503650][T13104]  ? __pfx_genl_rcv_msg+0x10/0x10
[  685.503662][T13104]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  685.503684][T13104]  ? __lock_acquire+0x622/0x1c90
[  685.503703][T13104]  netlink_rcv_skb+0x158/0x420
[  685.503719][T13104]  ? __pfx_genl_rcv_msg+0x10/0x10
[  685.503731][T13104]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  685.503755][T13104]  ? netlink_deliver_tap+0x1ae/0xd30
[  685.503774][T13104]  genl_rcv+0x28/0x40
[  685.503790][T13104]  netlink_unicast+0x5aa/0x870
[  685.503809][T13104]  ? __pfx_netlink_unicast+0x10/0x10
[  685.503833][T13104]  netlink_sendmsg+0x8c8/0xdd0
[  685.503852][T13104]  ? __pfx_netlink_sendmsg+0x10/0x10
[  685.503874][T13104]  ____sys_sendmsg+0xa98/0xc70
[  685.503886][T13104]  ? copy_msghdr_from_user+0x10a/0x160
[  685.503901][T13104]  ? __pfx_____sys_sendmsg+0x10/0x10
[  685.503915][T13104]  ? __pfx_futex_wake_mark+0x10/0x10
[  685.503930][T13104]  ___sys_sendmsg+0x134/0x1d0
[  685.503943][T13104]  ? futex_private_hash_put+0x176/0x300
[  685.503960][T13104]  ? __pfx____sys_sendmsg+0x10/0x10
[  685.503973][T13104]  ? __lock_acquire+0x622/0x1c90
[  685.504009][T13104]  __sys_sendmsg+0x16d/0x220
[  685.504023][T13104]  ? __pfx___sys_sendmsg+0x10/0x10
[  685.504037][T13104]  ? __x64_sys_futex+0x1e0/0x4c0
[  685.504057][T13104]  do_syscall_64+0xcd/0xfa0
[  685.504069][T13104]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  685.504081][T13104] RIP: 0033:0x7f0a1658f6c9
[  685.504095][T13104] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  685.504112][T13104] RSP: 002b:00007f0a173e8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  685.504126][T13104] RAX: ffffffffffffffda RBX: 00007f0a167e6180 RCX: 00007f0a1658f6c9
[  685.504134][T13104] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000006
[  685.504142][T13104] RBP: 00007f0a16611f91 R08: 0000000000000000 R09: 0000000000000000
[  685.504150][T13104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  685.504162][T13104] R13: 00007f0a167e6218 R14: 00007f0a167e6180 R15: 00007fffc3f2aa58
[  685.504190][T13104]  </TASK>
[  685.897794][    C0] vkms_vblank_simulate: vblank timer overrun
[  686.319676][T13108] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�x%�M�F�-����I'
[  686.331654][T13108] CPU: 0 UID: 0 PID: 13108 Comm: syz.2.1884 Not tainted syzkaller #0 PREEMPT(full) 
[  686.331679][T13108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  686.331688][T13108] Call Trace:
[  686.331693][T13108]  <TASK>
[  686.331700][T13108]  dump_stack_lvl+0x16c/0x1f0
[  686.331728][T13108]  sysfs_warn_dup+0x7f/0xa0
[  686.331746][T13108]  sysfs_do_create_link_sd+0x124/0x140
[  686.331763][T13108]  sysfs_create_link+0x61/0xc0
[  686.331778][T13108]  device_add+0x62c/0x1aa0
[  686.331794][T13108]  ? __pfx_device_add+0x10/0x10
[  686.331807][T13108]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  686.331823][T13108]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  686.331844][T13108]  wiphy_register+0x1eb0/0x2b20
[  686.331856][T13108]  ? netdev_run_todo+0x864/0x1320
[  686.331878][T13108]  ? __pfx_wiphy_register+0x10/0x10
[  686.331898][T13108]  ieee80211_register_hw+0x253d/0x4120
[  686.331917][T13108]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  686.331929][T13108]  ? __pfx___debug_object_init+0x10/0x10
[  686.331949][T13108]  ? find_held_lock+0x2b/0x80
[  686.331964][T13108]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  686.331978][T13108]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  686.331990][T13108]  ? __hrtimer_setup+0x176/0x280
[  686.332004][T13108]  mac80211_hwsim_new_radio+0x32d8/0x50b0
[  686.332029][T13108]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  686.332045][T13108]  ? __asan_memcpy+0x3c/0x60
[  686.332064][T13108]  hwsim_new_radio_nl+0xba2/0x1330
[  686.332081][T13108]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  686.332101][T13108]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  686.332113][T13108]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  686.332128][T13108]  genl_family_rcv_msg_doit+0x209/0x2f0
[  686.332140][T13108]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  686.332157][T13108]  ? bpf_lsm_capable+0x9/0x10
[  686.332169][T13108]  ? security_capable+0x7e/0x260
[  686.332186][T13108]  ? ns_capable+0xd7/0x110
[  686.332201][T13108]  genl_rcv_msg+0x55c/0x800
[  686.332214][T13108]  ? __pfx_genl_rcv_msg+0x10/0x10
[  686.332225][T13108]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  686.332242][T13108]  ? __lock_acquire+0x622/0x1c90
[  686.332261][T13108]  netlink_rcv_skb+0x158/0x420
[  686.332277][T13108]  ? __pfx_genl_rcv_msg+0x10/0x10
[  686.332289][T13108]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  686.332311][T13108]  ? netlink_deliver_tap+0x1ae/0xd30
[  686.332328][T13108]  genl_rcv+0x28/0x40
[  686.332344][T13108]  netlink_unicast+0x5aa/0x870
[  686.332361][T13108]  ? __pfx_netlink_unicast+0x10/0x10
[  686.332383][T13108]  netlink_sendmsg+0x8c8/0xdd0
[  686.332402][T13108]  ? __pfx_netlink_sendmsg+0x10/0x10
[  686.332420][T13108]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[  686.332436][T13108]  ____sys_sendmsg+0xa98/0xc70
[  686.332448][T13108]  ? copy_msghdr_from_user+0x10a/0x160
[  686.332465][T13108]  ? __pfx_____sys_sendmsg+0x10/0x10
[  686.332479][T13108]  ? __pfx_futex_wake_mark+0x10/0x10
[  686.332495][T13108]  ___sys_sendmsg+0x134/0x1d0
[  686.332508][T13108]  ? futex_private_hash_put+0x176/0x300
[  686.332525][T13108]  ? __pfx____sys_sendmsg+0x10/0x10
[  686.332538][T13108]  ? __lock_acquire+0x622/0x1c90
[  686.332574][T13108]  __sys_sendmsg+0x16d/0x220
[  686.332588][T13108]  ? __pfx___sys_sendmsg+0x10/0x10
[  686.332602][T13108]  ? __x64_sys_futex+0x1e0/0x4c0
[  686.332632][T13108]  do_syscall_64+0xcd/0xfa0
[  686.332648][T13108]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  686.332661][T13108] RIP: 0033:0x7f2b4c58f6c9
[  686.332673][T13108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  686.332691][T13108] RSP: 002b:00007f2b4d419038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  686.332714][T13108] RAX: ffffffffffffffda RBX: 00007f2b4c7e6090 RCX: 00007f2b4c58f6c9
[  686.332722][T13108] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000006
[  686.332730][T13108] RBP: 00007f2b4c611f91 R08: 0000000000000000 R09: 0000000000000000
[  686.332737][T13108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  686.332743][T13108] R13: 00007f2b4c7e6128 R14: 00007f2b4c7e6090 R15: 00007ffd94a28e28
[  686.332759][T13108]  </TASK>
[  686.734362][    C0] vkms_vblank_simulate: vblank timer overrun
[  687.854014][  T778] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  688.271923][T13123] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1887'.
[  688.435167][  T778] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  688.489565][  T778] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  688.511939][  T778] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  688.534034][  T778] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 0
[  688.555260][  T778] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 28
[  688.748595][  T778] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0017, bcdDevice=2f.a3
[  688.767470][  T778] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  688.775638][  T778] usb 1-1: Product: syz
[  688.783981][  T778] usb 1-1: Manufacturer: syz
[  688.788604][  T778] usb 1-1: SerialNumber: syz
[  688.795410][  T778] usb 1-1: config 0 descriptor??
[  688.802389][  T778] kvaser_usb 1-1:0.0: error -EMSGSIZE: Cannot get software info
[  688.810113][  T778] kvaser_usb 1-1:0.0: probe with driver kvaser_usb failed with error -90
[  690.015345][T13147] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1895'.
[  690.101844][T13148] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�x%�M�F�-����I'
[  690.113949][T13148] CPU: 0 UID: 0 PID: 13148 Comm: syz.3.1896 Not tainted syzkaller #0 PREEMPT(full) 
[  690.113975][T13148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  690.113987][T13148] Call Trace:
[  690.113994][T13148]  <TASK>
[  690.114002][T13148]  dump_stack_lvl+0x16c/0x1f0
[  690.114039][T13148]  sysfs_warn_dup+0x7f/0xa0
[  690.114066][T13148]  sysfs_do_create_link_sd+0x124/0x140
[  690.114095][T13148]  sysfs_create_link+0x61/0xc0
[  690.114119][T13148]  device_add+0x62c/0x1aa0
[  690.114146][T13148]  ? __pfx_device_add+0x10/0x10
[  690.114167][T13148]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[  690.114195][T13148]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  690.114230][T13148]  wiphy_register+0x1eb0/0x2b20
[  690.114262][T13148]  ? __pfx_wiphy_register+0x10/0x10
[  690.114292][T13148]  ? ieee80211_register_hw+0x2207/0x4120
[  690.114318][T13148]  ieee80211_register_hw+0x253d/0x4120
[  690.114351][T13148]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  690.114372][T13148]  ? __pfx___debug_object_init+0x10/0x10
[  690.114408][T13148]  ? write_comp_data+0x11/0x90
[  690.114428][T13148]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  690.114451][T13148]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  690.114469][T13148]  ? __hrtimer_setup+0x176/0x280
[  690.114493][T13148]  mac80211_hwsim_new_radio+0x32d8/0x50b0
[  690.114537][T13148]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  690.114566][T13148]  ? __asan_memcpy+0x3c/0x60
[  690.114599][T13148]  hwsim_new_radio_nl+0xba2/0x1330
[  690.114628][T13148]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  690.114663][T13148]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  690.114690][T13148]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  690.114718][T13148]  genl_family_rcv_msg_doit+0x209/0x2f0
[  690.114740][T13148]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  690.114771][T13148]  ? bpf_lsm_capable+0x9/0x10
[  690.114794][T13148]  ? security_capable+0x7e/0x260
[  690.114827][T13148]  ? ns_capable+0xd7/0x110
[  690.114853][T13148]  genl_rcv_msg+0x55c/0x800
[  690.114876][T13148]  ? __pfx_genl_rcv_msg+0x10/0x10
[  690.114894][T13148]  ? irqentry_exit+0x3b/0x90
[  690.114911][T13148]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  690.114948][T13148]  netlink_rcv_skb+0x158/0x420
[  690.114975][T13148]  ? __pfx_genl_rcv_msg+0x10/0x10
[  690.114995][T13148]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  690.115041][T13148]  genl_rcv+0x28/0x40
[  690.115068][T13148]  netlink_unicast+0x5aa/0x870
[  690.115099][T13148]  ? __pfx_netlink_unicast+0x10/0x10
[  690.115139][T13148]  netlink_sendmsg+0x8c8/0xdd0
[  690.115171][T13148]  ? __pfx_netlink_sendmsg+0x10/0x10
[  690.115210][T13148]  ____sys_sendmsg+0xa98/0xc70
[  690.115230][T13148]  ? copy_msghdr_from_user+0x10a/0x160
[  690.115255][T13148]  ? __pfx_____sys_sendmsg+0x10/0x10
[  690.115282][T13148]  ? __pfx_sched_clock_cpu+0x10/0x10
[  690.115313][T13148]  ___sys_sendmsg+0x134/0x1d0
[  690.115336][T13148]  ? find_held_lock+0x2b/0x80
[  690.115360][T13148]  ? __pfx____sys_sendmsg+0x10/0x10
[  690.115383][T13148]  ? __lock_acquire+0x622/0x1c90
[  690.115438][T13148]  ? lockdep_hardirqs_on+0x70/0x110
[  690.115475][T13148]  __sys_sendmsg+0x16d/0x220
[  690.115501][T13148]  ? __pfx___sys_sendmsg+0x10/0x10
[  690.115524][T13148]  ? rcu_is_watching+0x12/0xc0
[  690.115561][T13148]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  690.115592][T13148]  do_syscall_64+0xcd/0xfa0
[  690.115612][T13148]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.115631][T13148] RIP: 0033:0x7f8b7338f6c9
[  690.115648][T13148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  690.115666][T13148] RSP: 002b:00007f8b74169038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  690.115690][T13148] RAX: ffffffffffffffda RBX: 00007f8b735e6090 RCX: 00007f8b7338f6c9
[  690.115702][T13148] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000006
[  690.115714][T13148] RBP: 00007f8b73411f91 R08: 0000000000000000 R09: 0000000000000000
[  690.115726][T13148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  690.115736][T13148] R13: 00007f8b735e6128 R14: 00007f8b735e6090 R15: 00007fff9f4d65b8
[  690.115765][T13148]  </TASK>
[  690.511794][    C0] vkms_vblank_simulate: vblank timer overrun
[  690.979610][ T5871] usb 1-1: USB disconnect, device number 61
[  691.342367][T13156] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1897'.
[  693.261419][T13173] /dev/nullb0: Can't open blockdev
[  694.643681][   T30] audit: type=1804 audit(1762532628.261:810): pid=13191 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.1907" name="/newroot/366/file0" dev="tmpfs" ino=1940 res=1 errno=0
[  694.687099][T13192] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1908'.
[  695.528649][T13196] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1909'.
[  695.941106][ T5871] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  695.968070][T13204] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1913'.
[  696.649751][ T5871] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  697.203792][ T5871] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  697.216951][ T5871] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  697.226850][ T5871] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 0
[  697.236757][ T5871] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 28
[  697.257324][ T5871] usb 5-1: New USB device found, idVendor=0bfd, idProduct=0017, bcdDevice=2f.a3
[  697.266637][ T5871] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  697.283454][ T5871] usb 5-1: Product: syz
[  697.287646][ T5871] usb 5-1: Manufacturer: syz
[  697.294257][ T5871] usb 5-1: SerialNumber: syz
[  697.301056][ T5871] usb 5-1: config 0 descriptor??
[  697.318359][ T5871] kvaser_usb 5-1:0.0: error -EMSGSIZE: Cannot get software info
[  697.326527][ T5871] kvaser_usb 5-1:0.0: probe with driver kvaser_usb failed with error -90
[  697.348546][ T5871] usb 5-1: USB disconnect, device number 54
[  699.244623][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  699.251035][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  699.330533][T13247] xt_TCPMSS: Only works on TCP SYN packets
[  701.229808][T13262] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1927'.
[  701.472906][T13266] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1930'.
[  702.120707][  T778] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  702.282272][  T778] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  702.290918][  T778] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  702.329385][  T778] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  702.846614][T13283] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1933'.
[  703.000076][  T778] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  703.013324][  T778] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  703.638208][  T778] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  703.714121][  T778] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  703.757260][  T778] usb 5-1: Product: syz
[  703.761432][  T778] usb 5-1: Manufacturer: syz
[  703.841651][  T778] cdc_wdm 5-1:1.0: skipping garbage
[  703.856054][  T778] cdc_wdm 5-1:1.0: skipping garbage
[  703.875276][  T778] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  704.261316][  T778] cdc_wdm 5-1:1.0: Unknown control protocol
[  704.302516][  T778] usb 5-1: USB disconnect, device number 55
[  704.389349][T13296] overlayfs: failed to resolve './file1': -2
[  706.791677][T13317] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1942'.
[  709.325600][   T30] audit: type=1804 audit(1762532641.310:811): pid=13345 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.1948" name="/newroot/418/file0" dev="tmpfs" ino=2239 res=1 errno=0
[  709.562025][T13346] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1949'.
[  709.728003][T13358] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1954'.
[  709.796132][T13358] netlink: 'syz.4.1954': attribute type 20 has an invalid length.
[  709.878344][T13358] netlink: 'syz.4.1954': attribute type 21 has an invalid length.
[  710.044506][T13364] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1953'.
[  710.517370][T13373] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1957'.
[  710.623895][ T5871] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[  711.080395][ T5871] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  711.100209][ T5871] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  711.122021][ T5871] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  711.131793][ T5871] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 0
[  711.207170][ T5871] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 28
[  711.222677][ T5871] usb 2-1: New USB device found, idVendor=0bfd, idProduct=0017, bcdDevice=2f.a3
[  711.236389][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  711.249917][ T5871] usb 2-1: Product: syz
[  711.410910][ T5871] usb 2-1: Manufacturer: syz
[  711.426855][ T5871] usb 2-1: SerialNumber: syz
[  711.850595][ T5871] usb 2-1: config 0 descriptor??
[  711.864812][ T5871] kvaser_usb 2-1:0.0: error -EMSGSIZE: Cannot get software info
[  711.874915][ T5871] kvaser_usb 2-1:0.0: probe with driver kvaser_usb failed with error -90
[  712.511345][  T778] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  712.547490][  T978] usb 2-1: USB disconnect, device number 62
[  712.806122][  T778] usb 1-1: Using ep0 maxpacket: 32
[  713.101269][  T778] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  713.112883][  T778] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  713.126380][  T778] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  713.159190][  T778] usb 1-1: New USB device strings: Mfr=32, Product=0, SerialNumber=0
[  713.185593][  T778] usb 1-1: Manufacturer: syz
[  713.203230][  T778] usb 1-1: config 0 descriptor??
[  713.906145][T13390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  713.936474][T13390] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  713.976676][  T778] ft260 0003:0403:6030.001B: unknown main item tag 0x7
[  714.091477][T13416] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1969'.
[  714.268321][  T778] ft260 0003:0403:6030.001B: chip code: 0000 0000
[  714.585701][  T778] ft260 0003:0403:6030.001B: failed to retrieve system status
[  714.990460][  T778] ft260 0003:0403:6030.001B: probe with driver ft260 failed with error -32
[  715.167672][T13433] netlink: 'syz.3.1975': attribute type 1 has an invalid length.
[  715.975085][T10100] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[  716.138410][T10100] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  716.156905][T10100] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  716.183738][T10100] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  716.200669][T10100] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 0
[  716.211099][T10100] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 28
[  716.227139][T10100] usb 4-1: New USB device found, idVendor=0bfd, idProduct=0017, bcdDevice=2f.a3
[  716.237699][T10100] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  716.253949][T10100] usb 4-1: Product: syz
[  716.261696][T10100] usb 4-1: Manufacturer: syz
[  716.271098][T10100] usb 4-1: SerialNumber: syz
[  716.285484][T10100] usb 4-1: config 0 descriptor??
[  716.296476][T10100] kvaser_usb 4-1:0.0: error -EMSGSIZE: Cannot get software info
[  716.305898][T10100] kvaser_usb 4-1:0.0: probe with driver kvaser_usb failed with error -90
[  716.902980][T13452] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1978'.
[  716.916036][T10100] usb 1-1: USB disconnect, device number 62
[  716.965982][ T5886] usb 4-1: USB disconnect, device number 74
[  717.279603][T10100] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  717.322182][ T5813] Bluetooth: hci5: command 0xfc11 tx timeout
[  717.322564][T11422] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  717.490986][T13465] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�x%�M�F�-����I'
[  717.503400][T13465] CPU: 0 UID: 0 PID: 13465 Comm: syz.1.1981 Not tainted syzkaller #0 PREEMPT(full) 
[  717.503428][T13465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  717.503441][T13465] Call Trace:
[  717.503448][T13465]  <TASK>
[  717.503456][T13465]  dump_stack_lvl+0x16c/0x1f0
[  717.503491][T13465]  sysfs_warn_dup+0x7f/0xa0
[  717.503516][T13465]  sysfs_do_create_link_sd+0x124/0x140
[  717.503543][T13465]  sysfs_create_link+0x61/0xc0
[  717.503567][T13465]  device_add+0x62c/0x1aa0
[  717.503596][T13465]  ? __pfx_device_add+0x10/0x10
[  717.503617][T13465]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  717.503644][T13465]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  717.503681][T13465]  wiphy_register+0x1eb0/0x2b20
[  717.503715][T13465]  ? __pfx_wiphy_register+0x10/0x10
[  717.503744][T13465]  ? netdev_run_todo+0x864/0x1320
[  717.503771][T13465]  ieee80211_register_hw+0x253d/0x4120
[  717.503800][T13465]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  717.503820][T13465]  ? __pfx___debug_object_init+0x10/0x10
[  717.503856][T13465]  ? __hrtimer_setup+0x1cd/0x280
[  717.503875][T13465]  ? __hrtimer_setup+0x93/0x280
[  717.503893][T13465]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  717.503918][T13465]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  717.503937][T13465]  ? __hrtimer_setup+0x176/0x280
[  717.503960][T13465]  mac80211_hwsim_new_radio+0x32d8/0x50b0
[  717.504004][T13465]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  717.504033][T13465]  ? __asan_memcpy+0x3c/0x60
[  717.504067][T13465]  hwsim_new_radio_nl+0xba2/0x1330
[  717.504094][T13465]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  717.504129][T13465]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  717.504150][T13465]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  717.504174][T13465]  genl_family_rcv_msg_doit+0x209/0x2f0
[  717.504207][T13465]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  717.504243][T13465]  ? bpf_lsm_capable+0x9/0x10
[  717.504265][T13465]  ? security_capable+0x7e/0x260
[  717.504297][T13465]  ? ns_capable+0xd7/0x110
[  717.504323][T13465]  genl_rcv_msg+0x55c/0x800
[  717.504344][T13465]  ? __pfx_genl_rcv_msg+0x10/0x10
[  717.504362][T13465]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  717.504391][T13465]  ? __lock_acquire+0x622/0x1c90
[  717.504425][T13465]  netlink_rcv_skb+0x158/0x420
[  717.504452][T13465]  ? __pfx_genl_rcv_msg+0x10/0x10
[  717.504471][T13465]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  717.504511][T13465]  ? netlink_deliver_tap+0x1ae/0xd30
[  717.504535][T13465]  ? __rcu_read_unlock+0x2bc/0x550
[  717.504557][T13465]  genl_rcv+0x28/0x40
[  717.504581][T13465]  netlink_unicast+0x5aa/0x870
[  717.504609][T13465]  ? __pfx_netlink_unicast+0x10/0x10
[  717.504635][T13465]  ? netlink_autobind.isra.0+0xa8/0x370
[  717.504672][T13465]  netlink_sendmsg+0x8c8/0xdd0
[  717.504704][T13465]  ? __pfx_netlink_sendmsg+0x10/0x10
[  717.504733][T13465]  ? security_socket_sendmsg+0xb8/0x240
[  717.504761][T13465]  ? __sanitizer_cov_trace_pc+0x4d/0x70
[  717.504790][T13465]  ____sys_sendmsg+0xa98/0xc70
[  717.504809][T13465]  ? copy_msghdr_from_user+0x10a/0x160
[  717.504833][T13465]  ? __pfx_____sys_sendmsg+0x10/0x10
[  717.504860][T13465]  ? __pfx_sched_clock_cpu+0x10/0x10
[  717.504890][T13465]  ___sys_sendmsg+0x134/0x1d0
[  717.504913][T13465]  ? find_held_lock+0x2b/0x80
[  717.504937][T13465]  ? __pfx____sys_sendmsg+0x10/0x10
[  717.504959][T13465]  ? __lock_acquire+0x622/0x1c90
[  717.505013][T13465]  ? lockdep_hardirqs_on+0x70/0x110
[  717.505052][T13465]  __sys_sendmsg+0x16d/0x220
[  717.505078][T13465]  ? __pfx___sys_sendmsg+0x10/0x10
[  717.505101][T13465]  ? rcu_is_watching+0x12/0xc0
[  717.505137][T13465]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  717.505169][T13465]  do_syscall_64+0xcd/0xfa0
[  717.505189][T13465]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  717.505213][T13465] RIP: 0033:0x7f013858f6c9
[  717.505230][T13465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  717.505248][T13465] RSP: 002b:00007f013663c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  717.505267][T13465] RAX: ffffffffffffffda RBX: 00007f01387e6090 RCX: 00007f013858f6c9
[  717.505281][T13465] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000006
[  717.505293][T13465] RBP: 00007f0138611f91 R08: 0000000000000000 R09: 0000000000000000
[  717.505306][T13465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  717.505318][T13465] R13: 00007f01387e6128 R14: 00007f01387e6090 R15: 00007ffd0ba6ee88
[  717.505349][T13465]  </TASK>
[  717.932849][    C0] vkms_vblank_simulate: vblank timer overrun
[  718.355657][T10100] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  718.435210][T13468] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1984'.
[  718.731322][T10100] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  718.805750][T10100] usb 1-1: config 0 descriptor??
[  720.284021][   T30] audit: type=1400 audit(1762532652.329:812): avc:  denied  { bind } for  pid=13460 comm="syz.0.1980" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  720.319315][   T30] audit: type=1400 audit(1762532652.329:813): avc:  denied  { listen } for  pid=13460 comm="syz.0.1980" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  720.857959][   T30] audit: type=1400 audit(1762532652.329:814): avc:  denied  { accept } for  pid=13460 comm="syz.0.1980" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  720.877611][    C0] vkms_vblank_simulate: vblank timer overrun
[  720.992497][T13488] ucma_write: process 1352 (syz.0.1980) changed security contexts after opening file descriptor, this is not allowed.
[  721.037980][   T30] audit: type=1400 audit(1762532652.993:815): avc:  denied  { read } for  pid=13460 comm="syz.0.1980" path="socket:[42562]" dev="sockfs" ino=42562 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  721.067450][T13492] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1985'.
[  722.547191][T10100] udl 1-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  722.622440][T13507] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�x%�M�F�-����I'
[  722.657068][T13507] CPU: 0 UID: 0 PID: 13507 Comm: syz.3.1993 Not tainted syzkaller #0 PREEMPT(full) 
[  722.657097][T13507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  722.657109][T13507] Call Trace:
[  722.657119][T13507]  <TASK>
[  722.657126][T13507]  dump_stack_lvl+0x16c/0x1f0
[  722.657149][T13507]  sysfs_warn_dup+0x7f/0xa0
[  722.657165][T13507]  sysfs_do_create_link_sd+0x124/0x140
[  722.657182][T13507]  sysfs_create_link+0x61/0xc0
[  722.657200][T13507]  device_add+0x62c/0x1aa0
[  722.657224][T13507]  ? __pfx_device_add+0x10/0x10
[  722.657244][T13507]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  722.657269][T13507]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  722.657291][T13507]  wiphy_register+0x1eb0/0x2b20
[  722.657303][T13507]  ? netdev_run_todo+0x864/0x1320
[  722.657324][T13507]  ? __pfx_wiphy_register+0x10/0x10
[  722.657344][T13507]  ieee80211_register_hw+0x253d/0x4120
[  722.657363][T13507]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  722.657376][T13507]  ? __pfx___debug_object_init+0x10/0x10
[  722.657398][T13507]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  722.657412][T13507]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  722.657424][T13507]  ? __hrtimer_setup+0x176/0x280
[  722.657438][T13507]  mac80211_hwsim_new_radio+0x32d8/0x50b0
[  722.657463][T13507]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  722.657484][T13507]  ? __asan_memcpy+0x3c/0x60
[  722.657504][T13507]  hwsim_new_radio_nl+0xba2/0x1330
[  722.657520][T13507]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  722.657541][T13507]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  722.657554][T13507]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  722.657570][T13507]  genl_family_rcv_msg_doit+0x209/0x2f0
[  722.657583][T13507]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  722.657600][T13507]  ? bpf_lsm_capable+0x9/0x10
[  722.657615][T13507]  ? security_capable+0x7e/0x260
[  722.657632][T13507]  ? ns_capable+0xd7/0x110
[  722.657646][T13507]  genl_rcv_msg+0x55c/0x800
[  722.657658][T13507]  ? __pfx_genl_rcv_msg+0x10/0x10
[  722.657670][T13507]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  722.657686][T13507]  ? __lock_acquire+0x622/0x1c90
[  722.657706][T13507]  netlink_rcv_skb+0x158/0x420
[  722.657721][T13507]  ? __pfx_genl_rcv_msg+0x10/0x10
[  722.657733][T13507]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  722.657755][T13507]  ? netlink_deliver_tap+0x1ae/0xd30
[  722.657772][T13507]  genl_rcv+0x28/0x40
[  722.657788][T13507]  netlink_unicast+0x5aa/0x870
[  722.657806][T13507]  ? __pfx_netlink_unicast+0x10/0x10
[  722.657828][T13507]  netlink_sendmsg+0x8c8/0xdd0
[  722.657846][T13507]  ? __pfx_netlink_sendmsg+0x10/0x10
[  722.657868][T13507]  ____sys_sendmsg+0xa98/0xc70
[  722.657879][T13507]  ? copy_msghdr_from_user+0x10a/0x160
[  722.657894][T13507]  ? __pfx_____sys_sendmsg+0x10/0x10
[  722.657908][T13507]  ? __pfx_futex_wake_mark+0x10/0x10
[  722.657923][T13507]  ___sys_sendmsg+0x134/0x1d0
[  722.657939][T13507]  ? __pfx____sys_sendmsg+0x10/0x10
[  722.657952][T13507]  ? __lock_acquire+0x622/0x1c90
[  722.657988][T13507]  __sys_sendmsg+0x16d/0x220
[  722.658002][T13507]  ? __pfx___sys_sendmsg+0x10/0x10
[  722.658017][T13507]  ? __x64_sys_futex+0x1e0/0x4c0
[  722.658037][T13507]  do_syscall_64+0xcd/0xfa0
[  722.658049][T13507]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  722.658061][T13507] RIP: 0033:0x7f8b7338f6c9
[  722.658071][T13507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  722.658082][T13507] RSP: 002b:00007f8b741fa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  722.658092][T13507] RAX: ffffffffffffffda RBX: 00007f8b735e6090 RCX: 00007f8b7338f6c9
[  722.658100][T13507] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000005
[  722.658106][T13507] RBP: 00007f8b73411f91 R08: 0000000000000000 R09: 0000000000000000
[  722.658113][T13507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  722.658119][T13507] R13: 00007f8b735e6128 R14: 00007f8b735e6090 R15: 00007fff9f4d65b8
[  722.658134][T13507]  </TASK>
[  723.038990][    C0] vkms_vblank_simulate: vblank timer overrun
[  723.039121][T10100] [drm:udl_init] *ERROR* Selecting channel failed
[  723.203279][T10100] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2
[  723.311000][T10100] [drm] Initialized udl on minor 2
[  724.047653][T13514] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1994'.
[  724.374310][T10100] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  724.527198][T13521] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1996'.
[  724.922571][T13524] netlink: zone id is out of range
[  724.943922][T13524] netlink: zone id is out of range
[  724.954567][T13524] netlink: zone id is out of range
[  724.972374][T10100] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  724.976652][T13524] netlink: zone id is out of range
[  725.021700][  T978] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  725.024852][T13524] netlink: zone id is out of range
[  725.035874][T10100] usb 1-1: USB disconnect, device number 63
[  725.040768][T13524] netlink: zone id is out of range
[  725.069087][T13524] netlink: get zone limit has 4 unknown bytes
[  725.072898][  T978] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  725.699365][T13532] syz_tun: entered allmulticast mode
[  725.773062][T13531] syz_tun: left allmulticast mode
[  727.839385][ T5871] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  727.863208][T13558] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�x%�M�F�-����I'
[  727.881946][T13558] CPU: 0 UID: 0 PID: 13558 Comm: syz.2.2006 Not tainted syzkaller #0 PREEMPT(full) 
[  727.881974][T13558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  727.881988][T13558] Call Trace:
[  727.881995][T13558]  <TASK>
[  727.882007][T13558]  dump_stack_lvl+0x16c/0x1f0
[  727.882040][T13558]  sysfs_warn_dup+0x7f/0xa0
[  727.882058][T13558]  sysfs_do_create_link_sd+0x124/0x140
[  727.882074][T13558]  sysfs_create_link+0x61/0xc0
[  727.882088][T13558]  device_add+0x62c/0x1aa0
[  727.882104][T13558]  ? __pfx_device_add+0x10/0x10
[  727.882117][T13558]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  727.882133][T13558]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  727.882154][T13558]  wiphy_register+0x1eb0/0x2b20
[  727.882166][T13558]  ? netdev_run_todo+0x864/0x1320
[  727.882187][T13558]  ? __pfx_wiphy_register+0x10/0x10
[  727.882207][T13558]  ieee80211_register_hw+0x253d/0x4120
[  727.882226][T13558]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  727.882238][T13558]  ? __pfx___debug_object_init+0x10/0x10
[  727.882259][T13558]  ? find_held_lock+0x2b/0x80
[  727.882274][T13558]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  727.882288][T13558]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  727.882300][T13558]  ? __hrtimer_setup+0x176/0x280
[  727.882314][T13558]  mac80211_hwsim_new_radio+0x32d8/0x50b0
[  727.882339][T13558]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  727.882355][T13558]  ? __asan_memcpy+0x3c/0x60
[  727.882374][T13558]  hwsim_new_radio_nl+0xba2/0x1330
[  727.882391][T13558]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  727.882411][T13558]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  727.882424][T13558]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  727.882439][T13558]  genl_family_rcv_msg_doit+0x209/0x2f0
[  727.882451][T13558]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  727.882467][T13558]  ? bpf_lsm_capable+0x9/0x10
[  727.882480][T13558]  ? security_capable+0x7e/0x260
[  727.882504][T13558]  ? ns_capable+0xd7/0x110
[  727.882520][T13558]  genl_rcv_msg+0x55c/0x800
[  727.882534][T13558]  ? __pfx_genl_rcv_msg+0x10/0x10
[  727.882546][T13558]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  727.882565][T13558]  ? __lock_acquire+0x622/0x1c90
[  727.882585][T13558]  netlink_rcv_skb+0x158/0x420
[  727.882602][T13558]  ? __pfx_genl_rcv_msg+0x10/0x10
[  727.882614][T13558]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  727.882638][T13558]  ? netlink_deliver_tap+0x1ae/0xd30
[  727.882656][T13558]  genl_rcv+0x28/0x40
[  727.882672][T13558]  netlink_unicast+0x5aa/0x870
[  727.882691][T13558]  ? __pfx_netlink_unicast+0x10/0x10
[  727.882712][T13558]  netlink_sendmsg+0x8c8/0xdd0
[  727.882731][T13558]  ? __pfx_netlink_sendmsg+0x10/0x10
[  727.882763][T13558]  ____sys_sendmsg+0xa98/0xc70
[  727.882776][T13558]  ? copy_msghdr_from_user+0x10a/0x160
[  727.882791][T13558]  ? __pfx_____sys_sendmsg+0x10/0x10
[  727.882812][T13558]  ? __lock_acquire+0xb8a/0x1c90
[  727.882841][T13558]  ___sys_sendmsg+0x134/0x1d0
[  727.882855][T13558]  ? rcu_is_watching+0x12/0xc0
[  727.882870][T13558]  ? __pfx____sys_sendmsg+0x10/0x10
[  727.882883][T13558]  ? __lock_acquire+0x622/0x1c90
[  727.882919][T13558]  __sys_sendmsg+0x16d/0x220
[  727.882934][T13558]  ? __pfx___sys_sendmsg+0x10/0x10
[  727.882947][T13558]  ? __pfx___schedule+0x10/0x10
[  727.882974][T13558]  do_syscall_64+0xcd/0xfa0
[  727.882986][T13558]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  727.882997][T13558] RIP: 0033:0x7f2b4c58f6c9
[  727.883007][T13558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  727.883018][T13558] RSP: 002b:00007f2b4d419038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  727.883029][T13558] RAX: ffffffffffffffda RBX: 00007f2b4c7e6090 RCX: 00007f2b4c58f6c9
[  727.883037][T13558] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000006
[  727.883043][T13558] RBP: 00007f2b4c611f91 R08: 0000000000000000 R09: 0000000000000000
[  727.883050][T13558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  727.883056][T13558] R13: 00007f2b4c7e6128 R14: 00007f2b4c7e6090 R15: 00007ffd94a28e28
[  727.883072][T13558]  </TASK>
[  728.272052][    C0] vkms_vblank_simulate: vblank timer overrun
[  728.400338][ T5871] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  728.412179][ T5871] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  728.426039][ T5871] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  728.435811][ T5871] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 0
[  728.445606][ T5871] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 28
[  728.497231][ T5871] usb 2-1: New USB device found, idVendor=0bfd, idProduct=0017, bcdDevice=2f.a3
[  728.507490][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  728.515534][ T5871] usb 2-1: Product: syz
[  728.519664][ T5871] usb 2-1: Manufacturer: syz
[  728.524417][ T5871] usb 2-1: SerialNumber: syz
[  728.531258][ T5871] usb 2-1: config 0 descriptor??
[  728.537916][ T5871] kvaser_usb 2-1:0.0: error -EMSGSIZE: Cannot get software info
[  728.545603][ T5871] kvaser_usb 2-1:0.0: probe with driver kvaser_usb failed with error -90
[  728.622126][  T778] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  728.787776][  T778] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  728.820646][  T778] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  728.843462][  T778] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  728.848090][  T978] usb 2-1: USB disconnect, device number 63
[  728.856717][  T778] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  728.871817][  T778] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  728.897605][  T778] usb 1-1: config 0 descriptor??
[  729.635487][  T778] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0
[  729.643131][  T778] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0
[  729.650804][  T778] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0
[  729.658320][  T778] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0
[  729.665953][  T778] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0
[  729.677967][  T778] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0
[  729.685524][  T778] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0
[  729.694317][  T778] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0
[  729.702191][  T778] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0
[  729.715980][  T778] plantronics 0003:047F:FFFF.001C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  730.054753][  T978] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  730.578715][  T978] usb 5-1: device descriptor read/64, error -71
[  732.622761][T13563] usb 1-1: string descriptor 0 read error: -71
[  732.726893][  T978] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  732.870973][T10100] usb 1-1: reset high-speed USB device number 64 using dummy_hcd
[  733.101846][T10100] usb 1-1: device descriptor read/64, error -32
[  733.421327][   T30] audit: type=1400 audit(1762532664.620:816): avc:  denied  { ioctl } for  pid=13591 comm="syz.3.2018" path="/425/file0" dev="tmpfs" ino=2281 ioctlcmd=0x1274 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  734.467986][T13610] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�x%�M�F�-����I'
[  734.481006][T13610] CPU: 0 UID: 0 PID: 13610 Comm: syz.2.2023 Not tainted syzkaller #0 PREEMPT(full) 
[  734.481035][T13610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  734.481047][T13610] Call Trace:
[  734.481054][T13610]  <TASK>
[  734.481062][T13610]  dump_stack_lvl+0x16c/0x1f0
[  734.481095][T13610]  sysfs_warn_dup+0x7f/0xa0
[  734.481119][T13610]  sysfs_do_create_link_sd+0x124/0x140
[  734.481144][T13610]  sysfs_create_link+0x61/0xc0
[  734.481168][T13610]  device_add+0x62c/0x1aa0
[  734.481193][T13610]  ? __pfx_device_add+0x10/0x10
[  734.481212][T13610]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  734.481236][T13610]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  734.481269][T13610]  wiphy_register+0x1eb0/0x2b20
[  734.481287][T13610]  ? netdev_run_todo+0x864/0x1320
[  734.481321][T13610]  ? __pfx_wiphy_register+0x10/0x10
[  734.481354][T13610]  ieee80211_register_hw+0x253d/0x4120
[  734.481389][T13610]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  734.481408][T13610]  ? __pfx___debug_object_init+0x10/0x10
[  734.481441][T13610]  ? find_held_lock+0x2b/0x80
[  734.481463][T13610]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  734.481484][T13610]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  734.481503][T13610]  ? __hrtimer_setup+0x176/0x280
[  734.481526][T13610]  mac80211_hwsim_new_radio+0x32d8/0x50b0
[  734.481568][T13610]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  734.481594][T13610]  ? __asan_memcpy+0x3c/0x60
[  734.481622][T13610]  hwsim_new_radio_nl+0xba2/0x1330
[  734.481646][T13610]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  734.481677][T13610]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  734.481695][T13610]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  734.481719][T13610]  genl_family_rcv_msg_doit+0x209/0x2f0
[  734.481738][T13610]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  734.481764][T13610]  ? bpf_lsm_capable+0x9/0x10
[  734.481784][T13610]  ? security_capable+0x7e/0x260
[  734.481812][T13610]  ? ns_capable+0xd7/0x110
[  734.481836][T13610]  genl_rcv_msg+0x55c/0x800
[  734.481857][T13610]  ? __pfx_genl_rcv_msg+0x10/0x10
[  734.481874][T13610]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  734.481900][T13610]  ? __lock_acquire+0x622/0x1c90
[  734.481930][T13610]  netlink_rcv_skb+0x158/0x420
[  734.481954][T13610]  ? __pfx_genl_rcv_msg+0x10/0x10
[  734.481973][T13610]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  734.482009][T13610]  ? netlink_deliver_tap+0x1ae/0xd30
[  734.482036][T13610]  genl_rcv+0x28/0x40
[  734.482060][T13610]  netlink_unicast+0x5aa/0x870
[  734.482089][T13610]  ? __pfx_netlink_unicast+0x10/0x10
[  734.482114][T13610]  ? skb_put+0xb0/0x1b0
[  734.482138][T13610]  netlink_sendmsg+0x8c8/0xdd0
[  734.482167][T13610]  ? __pfx_netlink_sendmsg+0x10/0x10
[  734.482201][T13610]  ____sys_sendmsg+0xa98/0xc70
[  734.482218][T13610]  ? copy_msghdr_from_user+0x10a/0x160
[  734.482239][T13610]  ? __pfx_____sys_sendmsg+0x10/0x10
[  734.482262][T13610]  ? __pfx_futex_wake_mark+0x10/0x10
[  734.482286][T13610]  ___sys_sendmsg+0x134/0x1d0
[  734.482305][T13610]  ? futex_private_hash_put+0x176/0x300
[  734.482331][T13610]  ? __pfx____sys_sendmsg+0x10/0x10
[  734.482350][T13610]  ? __lock_acquire+0x622/0x1c90
[  734.482417][T13610]  __sys_sendmsg+0x16d/0x220
[  734.482442][T13610]  ? __pfx___sys_sendmsg+0x10/0x10
[  734.482465][T13610]  ? __x64_sys_futex+0x1e0/0x4c0
[  734.482499][T13610]  do_syscall_64+0xcd/0xfa0
[  734.482517][T13610]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  734.482534][T13610] RIP: 0033:0x7f2b4c58f6c9
[  734.482549][T13610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  734.482564][T13610] RSP: 002b:00007f2b4d4aa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  734.482582][T13610] RAX: ffffffffffffffda RBX: 00007f2b4c7e6090 RCX: 00007f2b4c58f6c9
[  734.482593][T13610] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000005
[  734.482604][T13610] RBP: 00007f2b4c611f91 R08: 0000000000000000 R09: 0000000000000000
[  734.482616][T13610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  734.482626][T13610] R13: 00007f2b4c7e6128 R14: 00007f2b4c7e6090 R15: 00007ffd94a28e28
[  734.482652][T13610]  </TASK>
[  734.993690][ T5817] usb 2-1: new full-speed USB device number 64 using dummy_hcd
[  735.081397][ T5878] usb 1-1: USB disconnect, device number 64
[  735.150310][T13615] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2024'.
[  735.340504][ T5817] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 10
[  735.351591][ T5817] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 141, setting to 64
[  735.387576][ T5817] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  735.423402][ T5817] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  735.616915][ T5817] usb 2-1: config 0 descriptor??
[  735.622383][T13603] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  735.862376][T13627] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�x%�M�F�-����I'
[  735.874384][T13627] CPU: 0 UID: 0 PID: 13627 Comm: syz.4.2027 Not tainted syzkaller #0 PREEMPT(full) 
[  735.874412][T13627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  735.874424][T13627] Call Trace:
[  735.874431][T13627]  <TASK>
[  735.874437][T13627]  dump_stack_lvl+0x16c/0x1f0
[  735.874468][T13627]  sysfs_warn_dup+0x7f/0xa0
[  735.874485][T13627]  sysfs_do_create_link_sd+0x124/0x140
[  735.874500][T13627]  sysfs_create_link+0x61/0xc0
[  735.874515][T13627]  device_add+0x62c/0x1aa0
[  735.874531][T13627]  ? __pfx_device_add+0x10/0x10
[  735.874543][T13627]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  735.874560][T13627]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  735.874581][T13627]  wiphy_register+0x1eb0/0x2b20
[  735.874593][T13627]  ? netdev_run_todo+0x864/0x1320
[  735.874615][T13627]  ? __pfx_wiphy_register+0x10/0x10
[  735.874635][T13627]  ieee80211_register_hw+0x253d/0x4120
[  735.874654][T13627]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  735.874666][T13627]  ? __pfx___debug_object_init+0x10/0x10
[  735.874686][T13627]  ? find_held_lock+0x2b/0x80
[  735.874701][T13627]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  735.874715][T13627]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  735.874726][T13627]  ? __hrtimer_setup+0x176/0x280
[  735.874741][T13627]  mac80211_hwsim_new_radio+0x32d8/0x50b0
[  735.874765][T13627]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  735.874782][T13627]  ? __asan_memcpy+0x3c/0x60
[  735.874801][T13627]  hwsim_new_radio_nl+0xba2/0x1330
[  735.874818][T13627]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  735.874838][T13627]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  735.874850][T13627]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  735.874865][T13627]  genl_family_rcv_msg_doit+0x209/0x2f0
[  735.874877][T13627]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  735.874894][T13627]  ? bpf_lsm_capable+0x9/0x10
[  735.874906][T13627]  ? security_capable+0x7e/0x260
[  735.874923][T13627]  ? ns_capable+0xd7/0x110
[  735.874937][T13627]  genl_rcv_msg+0x55c/0x800
[  735.874950][T13627]  ? __pfx_genl_rcv_msg+0x10/0x10
[  735.874961][T13627]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  735.874978][T13627]  ? __lock_acquire+0x622/0x1c90
[  735.874997][T13627]  netlink_rcv_skb+0x158/0x420
[  735.875013][T13627]  ? __pfx_genl_rcv_msg+0x10/0x10
[  735.875025][T13627]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  735.875055][T13627]  ? netlink_deliver_tap+0x1ae/0xd30
[  735.875076][T13627]  genl_rcv+0x28/0x40
[  735.875091][T13627]  netlink_unicast+0x5aa/0x870
[  735.875118][T13627]  ? __pfx_netlink_unicast+0x10/0x10
[  735.875141][T13627]  ? netlink_autobind.isra.0+0xa8/0x370
[  735.875162][T13627]  netlink_sendmsg+0x8c8/0xdd0
[  735.875180][T13627]  ? __pfx_netlink_sendmsg+0x10/0x10
[  735.875199][T13627]  ? bpf_lsm_socket_sendmsg+0x4/0x10
[  735.875219][T13627]  ____sys_sendmsg+0xa98/0xc70
[  735.875231][T13627]  ? copy_msghdr_from_user+0x10a/0x160
[  735.875246][T13627]  ? __pfx_____sys_sendmsg+0x10/0x10
[  735.875258][T13627]  ? __lock_acquire+0xb8a/0x1c90
[  735.875279][T13627]  ___sys_sendmsg+0x134/0x1d0
[  735.875294][T13627]  ? __pfx____sys_sendmsg+0x10/0x10
[  735.875328][T13627]  __sys_sendmsg+0x16d/0x220
[  735.875343][T13627]  ? __pfx___sys_sendmsg+0x10/0x10
[  735.875356][T13627]  ? __x64_sys_futex+0x1e0/0x4c0
[  735.875378][T13627]  do_syscall_64+0xcd/0xfa0
[  735.875390][T13627]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.875401][T13627] RIP: 0033:0x7f30ea78f6c9
[  735.875412][T13627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  735.875422][T13627] RSP: 002b:00007f30eb5b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  735.875434][T13627] RAX: ffffffffffffffda RBX: 00007f30ea9e6090 RCX: 00007f30ea78f6c9
[  735.875441][T13627] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000006
[  735.875448][T13627] RBP: 00007f30ea811f91 R08: 0000000000000000 R09: 0000000000000000
[  735.875460][T13627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  735.875467][T13627] R13: 00007f30ea9e6128 R14: 00007f30ea9e6090 R15: 00007ffe06f71ce8
[  735.875483][T13627]  </TASK>
[  736.308765][ T5817] ath6kl: Failed to submit usb control message: -71
[  736.315432][ T5817] ath6kl: unable to send the bmi data to the device: -71
[  736.322581][ T5817] ath6kl: Unable to send get target info: -71
[  736.361835][ T5817] ath6kl: Failed to init ath6kl core: -71
[  736.368192][ T5817] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[  736.379162][ T5817] usb 2-1: USB disconnect, device number 64
[  736.589605][T13629] KVM: debugfs: duplicate directory 13629-6
[  739.043485][   T30] audit: type=1326 audit(1762532669.886:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13643 comm="syz.3.2033" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8b7338f6c9 code=0x0
[  739.346305][T13652] netlink: 'syz.1.2035': attribute type 12 has an invalid length.
[  739.935699][T13662] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (comedi_parport)
[  739.946381][T13662] sctp: [Deprecated]: syz.0.2037 (pid 13662) Use of int in max_burst socket option.
[  739.946381][T13662] Use struct sctp_assoc_value instead
[  739.962794][T11422] Bluetooth: hci4: unexpected event for opcode 0x0c1a
[  740.363288][T13678] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2041'.
[  741.268485][T13696] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2045'.
[  743.202862][T13697] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2046'.
[  743.893194][T13705] KVM: debugfs: duplicate directory 13705-6
[  744.300988][T13715] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2052'.
[  744.889271][T10100] usb 2-1: new full-speed USB device number 65 using dummy_hcd
[  745.162679][T10100] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 10
[  745.197786][T10100] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 141, setting to 64
[  745.278288][T10100] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  745.287435][T10100] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  745.299124][T10100] usb 2-1: config 0 descriptor??
[  745.304773][T13719] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  745.545357][ T5817] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  745.748464][ T5878] usb 1-1: new full-speed USB device number 65 using dummy_hcd
[  745.843209][T10100] ath6kl: Failed to submit usb control message: -71
[  745.851261][T10100] ath6kl: unable to send the bmi data to the device: -71
[  745.858607][T10100] ath6kl: Unable to send get target info: -71
[  745.878869][T10100] ath6kl: Failed to init ath6kl core: -71
[  745.891673][ T5817] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  745.897099][T10100] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[  745.913510][ T5878] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 10
[  745.925011][ T5878] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 141, setting to 64
[  745.941309][T10100] usb 2-1: USB disconnect, device number 65
[  745.949783][ T5878] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  745.949786][ T5817] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  745.949812][ T5817] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  746.009689][ T5878] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  746.020729][ T5878] usb 1-1: config 0 descriptor??
[  746.026526][T13734] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  746.076798][ T5817] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  746.096690][ T5817] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  746.112420][ T5817] usb 3-1: Product: syz
[  746.121491][ T5817] usb 3-1: Manufacturer: syz
[  746.131520][ T5817] usb 3-1: SerialNumber: syz
[  746.142869][ T5817] usb 3-1: config 0 descriptor??
[  746.164076][T13738] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  746.308255][ T5878] ath6kl: Failed to submit usb control message: -71
[  746.315398][ T5878] ath6kl: unable to send the bmi data to the device: -71
[  746.328060][ T5878] ath6kl: Unable to send get target info: -71
[  746.343318][ T5878] ath6kl: Failed to init ath6kl core: -71
[  746.359508][ T5878] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  746.388651][ T5878] usb 1-1: USB disconnect, device number 65
[  746.391780][T13738] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  749.447575][ T5817] usb 3-1: USB disconnect, device number 61
[  750.281457][T13768] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2066'.
[  750.652945][T13763] KVM: debugfs: duplicate directory 13763-6
[  751.775502][ T5817] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  752.251769][ T5817] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  752.297621][ T5817] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  752.308257][ T5817] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  752.330982][ T5817] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  752.372743][ T5817] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  752.392487][T13781] xt_l2tp: v2 doesn't support IP mode
[  752.396396][ T5817] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  752.407300][ T5817] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  752.418859][ T5817] usb 3-1: Product: syz
[  752.441503][ T5817] usb 3-1: Manufacturer: syz
[  752.450644][ T5817] cdc_wdm 3-1:1.0: skipping garbage
[  752.456172][ T5817] cdc_wdm 3-1:1.0: skipping garbage
[  752.479336][ T5817] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  752.597589][ T5817] cdc_wdm 3-1:1.0: Unknown control protocol
[  753.232943][  T778] usb 3-1: USB disconnect, device number 62
[  753.766258][   T30] audit: type=1804 audit(1762532683.655:818): pid=13792 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.2073" name="/newroot/445/file0" dev="tmpfs" ino=2378 res=1 errno=0
[  756.836347][T13826] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2082'.
[  757.284078][T13828] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2084'.
[  758.259802][T13843] capability: warning: `syz.4.2083' uses deprecated v2 capabilities in a way that may be insecure
[  758.449023][T13851] /dev/nullb0: Can't open blockdev
[  759.065162][T13858] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2090'.
[  761.217579][T13885] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2097'.
[  762.114000][T13888] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2098'.
[  762.288396][T13893] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2099'.
[  762.752416][T11422] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  763.341016][T13907] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�x%�M�F�-����I'
[  763.353204][T13907] CPU: 0 UID: 0 PID: 13907 Comm: syz.2.2102 Not tainted syzkaller #0 PREEMPT(full) 
[  763.353232][T13907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  763.353244][T13907] Call Trace:
[  763.353251][T13907]  <TASK>
[  763.353259][T13907]  dump_stack_lvl+0x16c/0x1f0
[  763.353301][T13907]  sysfs_warn_dup+0x7f/0xa0
[  763.353324][T13907]  sysfs_do_create_link_sd+0x124/0x140
[  763.353346][T13907]  sysfs_create_link+0x61/0xc0
[  763.353365][T13907]  device_add+0x62c/0x1aa0
[  763.353388][T13907]  ? __pfx_device_add+0x10/0x10
[  763.353405][T13907]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  763.353429][T13907]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  763.353456][T13907]  wiphy_register+0x1eb0/0x2b20
[  763.353472][T13907]  ? netdev_run_todo+0x864/0x1320
[  763.353500][T13907]  ? __pfx_wiphy_register+0x10/0x10
[  763.353528][T13907]  ieee80211_register_hw+0x253d/0x4120
[  763.353553][T13907]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  763.353569][T13907]  ? __pfx___debug_object_init+0x10/0x10
[  763.353597][T13907]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  763.353612][T13907]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  763.353631][T13907]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  763.353645][T13907]  ? __hrtimer_setup+0x176/0x280
[  763.353663][T13907]  mac80211_hwsim_new_radio+0x32d8/0x50b0
[  763.353697][T13907]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  763.353719][T13907]  ? __asan_memcpy+0x3c/0x60
[  763.353744][T13907]  hwsim_new_radio_nl+0xba2/0x1330
[  763.353767][T13907]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  763.353794][T13907]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  763.353810][T13907]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  763.353829][T13907]  genl_family_rcv_msg_doit+0x209/0x2f0
[  763.353845][T13907]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  763.353869][T13907]  ? __sanitizer_cov_trace_pc+0x56/0x70
[  763.353887][T13907]  ? ns_capable+0xd7/0x110
[  763.353906][T13907]  genl_rcv_msg+0x55c/0x800
[  763.353923][T13907]  ? __pfx_genl_rcv_msg+0x10/0x10
[  763.353935][T13907]  ? __pfx___schedule+0x10/0x10
[  763.353957][T13907]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  763.353980][T13907]  ? mark_held_locks+0x49/0x80
[  763.354006][T13907]  netlink_rcv_skb+0x158/0x420
[  763.354027][T13907]  ? __pfx_genl_rcv_msg+0x10/0x10
[  763.354042][T13907]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  763.354061][T13907]  ? preempt_schedule_thunk+0x16/0x30
[  763.354093][T13907]  ? netlink_deliver_tap+0x1ae/0xd30
[  763.354116][T13907]  genl_rcv+0x28/0x40
[  763.354137][T13907]  netlink_unicast+0x5aa/0x870
[  763.354164][T13907]  ? __pfx_netlink_unicast+0x10/0x10
[  763.354195][T13907]  netlink_sendmsg+0x8c8/0xdd0
[  763.354223][T13907]  ? __pfx_netlink_sendmsg+0x10/0x10
[  763.354258][T13907]  ____sys_sendmsg+0xa98/0xc70
[  763.354279][T13907]  ? copy_msghdr_from_user+0x10a/0x160
[  763.354298][T13907]  ? __pfx_____sys_sendmsg+0x10/0x10
[  763.354324][T13907]  ___sys_sendmsg+0x134/0x1d0
[  763.354343][T13907]  ? lockdep_hardirqs_on+0x7c/0x110
[  763.354371][T13907]  ? __pfx____sys_sendmsg+0x10/0x10
[  763.354390][T13907]  ? __lock_acquire+0x622/0x1c90
[  763.354450][T13907]  __sys_sendmsg+0x16d/0x220
[  763.354472][T13907]  ? __pfx___sys_sendmsg+0x10/0x10
[  763.354493][T13907]  ? __x64_sys_futex+0x1e0/0x4c0
[  763.354523][T13907]  do_syscall_64+0xcd/0xfa0
[  763.354538][T13907]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  763.354553][T13907] RIP: 0033:0x7f2b4c58f6c9
[  763.354566][T13907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  763.354581][T13907] RSP: 002b:00007f2b4d419038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  763.354595][T13907] RAX: ffffffffffffffda RBX: 00007f2b4c7e6090 RCX: 00007f2b4c58f6c9
[  763.354605][T13907] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000006
[  763.354614][T13907] RBP: 00007f2b4c611f91 R08: 0000000000000000 R09: 0000000000000000
[  763.354622][T13907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  763.354631][T13907] R13: 00007f2b4c7e6128 R14: 00007f2b4c7e6090 R15: 00007ffd94a28e28
[  763.354653][T13907]  </TASK>
[  763.746699][    C0] vkms_vblank_simulate: vblank timer overrun
[  764.793345][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  764.799987][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  764.863274][  T778] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  764.937490][T13925] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2109'.
[  765.341022][  T778] usb 5-1: Using ep0 maxpacket: 16
[  765.392621][  T778] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  765.417107][  T778] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  766.077504][T13936] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2113'.
[  766.452837][T13939] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (comedi_parport)
[  766.475221][  T778] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  766.488956][    C0] Oops: divide error: 0000 [#1] SMP KASAN NOPTI
[  766.495216][    C0] CPU: 0 UID: 0 PID: 13939 Comm: syz.2.2110 Not tainted syzkaller #0 PREEMPT(full) 
[  766.504565][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  766.514615][    C0] RIP: 0010:comedi_inc_scan_progress+0x1cc/0x340
[  766.520932][    C0] Code: 00 00 00 03 43 2c 48 ba 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 0f b6 14 11 84 d2 74 09 80 fa 03 0f 8e 53 01 00 00 31 d2 <f7> b3 80 00 00 00 89 53 2c e8 a6 53 fa f8 48 8d 7b 34 48 b8 00 00
[  766.540524][    C0] RSP: 0018:ffffc90000007d90 EFLAGS: 00010046
[  766.546573][    C0] RAX: 0000000000000001 RBX: ffff88802f6e6a00 RCX: 1ffff11005edcd50
[  766.554528][    C0] RDX: 0000000000000000 RSI: ffffffff88c2b988 RDI: ffff88802f6e6a80
[  766.562503][    C0] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
[  766.570477][    C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000002
[  766.578441][    C0] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[  766.586398][    C0] FS:  00007f2b4d4aa6c0(0000) GS:ffff888124a08000(0000) knlGS:0000000000000000
[  766.595407][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  766.601978][    C0] CR2: 00007f8b741156c0 CR3: 0000000077845000 CR4: 00000000003526f0
[  766.609930][    C0] Call Trace:
[  766.613186][    C0]  <IRQ>
[  766.616032][    C0]  comedi_buf_write_samples+0x406/0x640
[  766.621572][    C0]  parport_interrupt+0xec/0x150
[  766.626400][    C0]  ? __pfx_parport_interrupt+0x10/0x10
[  766.631840][    C0]  ? do_raw_spin_unlock+0x172/0x230
[  766.637193][    C0]  ? __pfx_parport_interrupt+0x10/0x10
[  766.642626][    C0]  __handle_irq_event_percpu+0x236/0x920
[  766.648240][    C0]  handle_irq_event+0xab/0x1e0
[  766.652983][    C0]  handle_edge_irq+0x3ca/0x9e0
[  766.657727][    C0]  __common_interrupt+0xd0/0x2f0
[  766.662645][    C0]  common_interrupt+0xba/0xe0
[  766.667310][    C0]  </IRQ>
[  766.670218][    C0]  <TASK>
[  766.673126][    C0]  asm_common_interrupt+0x26/0x40
[  766.678129][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80
[  766.684537][    C0] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 36 8a 35 f6 48 89 df e8 1e de 35 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 <bf> 01 00 00 00 e8 45 e6 25 f6 65 8b 05 7e 25 3e 08 85 c0 74 16 5b
[  766.704119][    C0] RSP: 0018:ffffc9000fac7a58 EFLAGS: 00000246
[  766.710162][    C0] RAX: 0000000000000006 RBX: ffffffff9add9280 RCX: 0000000000000006
[  766.718124][    C0] RDX: 0000000000000000 RSI: ffffffff8da2b754 RDI: ffffffff8bf07040
[  766.726073][    C0] RBP: 0000000000000287 R08: 0000000000000001 R09: 0000000000000001
[  766.734019][    C0] R10: ffffffff90820cd7 R11: 0000000000000001 R12: ffffffff8f05d460
[  766.741968][    C0] R13: 0000000000000003 R14: 0000000000000000 R15: 1ffff92001f58f5b
[  766.749922][    C0]  serial8250_config_port+0x1742/0x5040
[  766.755465][    C0]  ? __pfx_serial8250_config_port+0x10/0x10
[  766.761358][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  766.767347][    C0]  univ8250_config_port+0x279/0x3b0
[  766.772574][    C0]  uart_ioctl+0xfd5/0x3080
[  766.777022][    C0]  ? __pfx_uart_ioctl+0x10/0x10
[  766.781871][    C0]  ? rcu_is_watching+0x12/0xc0
[  766.786616][    C0]  ? irqentry_exit+0x3b/0x90
[  766.791183][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  766.796370][    C0]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  766.802249][    C0]  ? __pfx_uart_ioctl+0x10/0x10
[  766.807086][    C0]  tty_ioctl+0x661/0x1680
[  766.811400][    C0]  ? __pfx_tty_ioctl+0x10/0x10
[  766.816182][    C0]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  766.823035][    C0]  ? hook_file_ioctl_common+0x145/0x410
[  766.828582][    C0]  ? selinux_file_ioctl+0x180/0x270
[  766.833764][    C0]  ? selinux_file_ioctl+0xb4/0x270
[  766.838854][    C0]  ? __pfx_tty_ioctl+0x10/0x10
[  766.843605][    C0]  __x64_sys_ioctl+0x18e/0x210
[  766.848356][    C0]  do_syscall_64+0xcd/0xfa0
[  766.852840][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  766.858741][    C0] RIP: 0033:0x7f2b4c58f6c9
[  766.863137][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  766.882731][    C0] RSP: 002b:00007f2b4d4aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  766.891157][    C0] RAX: ffffffffffffffda RBX: 00007f2b4c7e6090 RCX: 00007f2b4c58f6c9
[  766.899122][    C0] RDX: 0000000000000000 RSI: 0000000000005453 RDI: 0000000000000004
[  766.907083][    C0] RBP: 00007f2b4c611f91 R08: 0000000000000000 R09: 0000000000000000
[  766.915036][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  766.922990][    C0] R13: 00007f2b4c7e6128 R14: 00007f2b4c7e6090 R15: 00007ffd94a28e28
[  766.930959][    C0]  </TASK>
[  766.933957][    C0] Modules linked in:
[  766.937831][    C0] ---[ end trace 0000000000000000 ]---
[  766.943261][    C0] RIP: 0010:comedi_inc_scan_progress+0x1cc/0x340
[  766.949574][    C0] Code: 00 00 00 03 43 2c 48 ba 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 0f b6 14 11 84 d2 74 09 80 fa 03 0f 8e 53 01 00 00 31 d2 <f7> b3 80 00 00 00 89 53 2c e8 a6 53 fa f8 48 8d 7b 34 48 b8 00 00
[  766.969161][    C0] RSP: 0018:ffffc90000007d90 EFLAGS: 00010046
[  766.975207][    C0] RAX: 0000000000000001 RBX: ffff88802f6e6a00 RCX: 1ffff11005edcd50
[  766.983159][    C0] RDX: 0000000000000000 RSI: ffffffff88c2b988 RDI: ffff88802f6e6a80
[  766.991109][    C0] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
[  766.999077][    C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000002
[  767.007032][    C0] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[  767.014980][    C0] FS:  00007f2b4d4aa6c0(0000) GS:ffff888124a08000(0000) knlGS:0000000000000000
[  767.023903][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  767.030466][    C0] CR2: 00007f8b741156c0 CR3: 0000000077845000 CR4: 00000000003526f0
[  767.038437][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[  767.045932][    C0] Kernel Offset: disabled
[  767.050247][    C0] Rebooting in 86400 seconds..