last executing test programs:

41m11.341603256s ago: executing program 2 (id=1887):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r0, &(0x7f0000005c40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x5}, {{0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000000d40)=""/213, 0xd5}, {&(0x7f0000000e40)=""/251, 0xfb}, {&(0x7f0000000f40)=""/239, 0xef}, {&(0x7f0000003bc0)=""/4096, 0x1000}, {&(0x7f0000001040)=""/251, 0xfb}, {&(0x7f00000005c0)=""/40, 0x28}, {&(0x7f0000001140)=""/242, 0xf2}, {&(0x7f0000001240)=""/166, 0xa6}], 0x8}, 0x9}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, 0x0}, 0x869}], 0x5, 0x2120, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="180000002500010324bd5502ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4004088}, 0x0)

41m11.208331496s ago: executing program 2 (id=1888):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b8b, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

41m10.69743535s ago: executing program 2 (id=1891):
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x505042, 0x0)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0), 0x111, 0x6}}, 0x20)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0)
socket$unix(0x1, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x2, 0x4}}, 0x20)
writev(r2, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

41m9.148131962s ago: executing program 2 (id=1896):
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x2, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000140)="f30fbd020f060f001966b80d010f00d066bad00466ed0f2382d9c8c4e17d50f80f8c8c2e000066ba4200ed"}], 0x1, 0x6a, 0x0, 0x39)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="500000000101010400000000000000000a00000a3c0002802c000180140003"], 0x50}}, 0x40804)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000440)='fd\x00')
getdents(r6, &(0x7f0000000040)=""/35, 0x23)
getdents(r6, 0xffffffffffffffff, 0x5a)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0)
write$UHID_GET_REPORT_REPLY(r6, &(0x7f0000000000)={0xa, {0x7, 0x5, 0x2}}, 0xa)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r11, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000380)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_SREGS(r11, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x30000, 0xe, 0xf1, 0x5, 0xfd, 0xff, 0xd4, 0x0, 0x4, 0x7, 0x4f}, {0x5000, 0x80a0000, 0xd, 0x9, 0x8, 0x3, 0x6, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0xdddd0000, 0xdddd1000, 0x0, 0x3, 0x0, 0x7, 0x4, 0x1, 0x7d, 0x0, 0x6, 0x5}, {0x8000000, 0x2000, 0x8, 0xf8, 0x3, 0x46, 0x3, 0xd, 0x6, 0x3, 0x4f, 0x1}, {0x100000, 0x4000, 0x9, 0x1, 0x3, 0x9, 0x5, 0x6, 0x5, 0x7f, 0x10, 0x4b}, {0xa2000, 0x8000000, 0xb, 0x6, 0x3, 0x6e, 0x1, 0xff, 0xc, 0x90, 0x1, 0xfa}, {0x8000000, 0x4000, 0x8, 0x4, 0x2, 0x5, 0x0, 0xa, 0x5, 0x7, 0x9, 0x81}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x28, 0x3, 0xa, 0x9, 0x54, 0x7b, 0x2, 0x7}, {0xeeef0000, 0x5}, {0x4, 0x1}, 0x0, 0x0, 0x4000, 0x300, 0x5, 0x3000, 0xe6e78c00, [0x0, 0x401, 0x7, 0xc5]})
ioctl$KVM_SET_MSRS(r11, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x8b0, 0x0, 0x1000000001}]})
move_mount(r7, &(0x7f0000000140)='.\x00', r0, &(0x7f0000000300)='./file0\x00', 0x41)
read$snapshot(r0, &(0x7f0000000200)=""/121, 0x79)

41m8.555275569s ago: executing program 2 (id=1897):
r0 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109"], 0x0)
r1 = syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02)
sendfile(r1, r1, 0x0, 0x1ff)
syz_usb_disconnect(r0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
recvmsg$can_bcm(r2, &(0x7f0000000640)={&(0x7f0000000280)=@qipcrtr, 0x80, &(0x7f0000000500)=[{&(0x7f0000000380)=""/243, 0xf3}, {&(0x7f0000000480)=""/102, 0x66}, {&(0x7f0000000300)=""/33, 0x21}], 0x3}, 0x40002042)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000000)={0x0, 0x4ec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x840, 0x0)
ioctl$SNDCTL_SYNTH_MEMAVL(r6, 0xc004510e, &(0x7f0000000080)=0x80000001)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x5)
r7 = socket$inet6(0xa, 0x2, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adbaa402})
r9 = socket$kcm(0x2, 0xa, 0x2)
syz_emit_ethernet(0x82, &(0x7f0000000100)={@multicast, @link_local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x8, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x61, 0x0, {0x16, 0x4, 0x0, 0x0, 0x0, 0xfffd, 0x4000, 0x0, 0x6c, 0x9, @dev={0xac, 0x14, 0x14, 0x10}, @remote, {[@timestamp_addr={0x44, 0x44, 0x0, 0x1, 0x0, [{@rand_addr=0x86dd}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x32}}, {@rand_addr, 0x4f}, {@local}, {@loopback}, {@local, 0x4}, {@multicast1}]}]}}}}}}}, 0x0)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r8, &(0x7f0000000b00)={@val={0xa}, @void, @eth={@broadcast, @remote, @void, {@ipv6={0x86dd, @udp={0xd, 0x6, '\x00 \x00', 0xa5, 0x11, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast2, {[], {0x4f19, 0x4e20, 0xa5, 0x0, @opaque="6032a60d61027fc56132c70c5b2e374ea5c9f253bf510947670b66f27987c44cc92a4983e3a69d4d66f715db6bc3764c5d931bc54d44513770f4b8bab1f436c8435573795c1f21366220b8b21cf6acdd26fea91dd8728f7d1c0a41155f0da56ee7de80b5f1c653c10b002572c5c4da53d762eb53958e6688b73b8e214e6751ee18257e15bcde775faacada05890f86de2e3f8bd227b6c8631f9e340f3d"}}}}}}}, 0xdf)
recvmmsg(r7, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000540)=""/208, 0xd0}, {0x0, 0x12}, {&(0x7f0000000700)=""/241, 0xf1}], 0x3}, 0x7dcf}], 0x1, 0x120, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x101800, 0x0)
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040), 0xc, 0x0}, 0x0)
r10 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r10, 0x0, 0x0)
getsockopt$inet_mptcp_buf(r10, 0x11c, 0x3, &(0x7f0000000040)=""/185, &(0x7f0000000140)=0xb9)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)

41m7.88664084s ago: executing program 2 (id=1902):
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x8000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
syz_clone(0xa005180, 0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0x1, 0x200000)
openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x6, 0xfffffffffffffffd, 0x9, 0x40, 0x2, 0xd, 0x0, 0xd000000}, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x5, 0x7, 0xffffffffffffff22, 0x2, 0x5, 0x8}, 0x0, 0x0)

41m7.49051975s ago: executing program 32 (id=1902):
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x8000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
syz_clone(0xa005180, 0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0x1, 0x200000)
openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x6, 0xfffffffffffffffd, 0x9, 0x40, 0x2, 0xd, 0x0, 0xd000000}, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x5, 0x7, 0xffffffffffffff22, 0x2, 0x5, 0x8}, 0x0, 0x0)

8.246829075s ago: executing program 3 (id=13235):
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x9, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
listen(r1, 0x1004)
r2 = syz_open_procfs(0x0, &(0x7f0000002040)='net/tcp\x00')
read$FUSE(r2, &(0x7f0000000000)={0x2020}, 0x96)
close(r1)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000020c0)=@mmap={0x69, 0x1, 0x4, 0x4, 0x765, {0x0, 0xea60}, {0x3, 0xc, 0x3, 0x91, 0x7, 0x2e, "f0cbb81d"}, 0x7, 0x1, {}, 0xf})
read$FUSE(r2, &(0x7f0000004340)={0x2020}, 0x2020)
setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8)

8.142714937s ago: executing program 3 (id=13236):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000009"], 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="200084"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000400)="b9")
fsopen(&(0x7f00000000c0)='fusectl\x00', 0x1)

7.624310152s ago: executing program 4 (id=13239):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000200)={'sit0\x00', &(0x7f0000000180)={'ip_vti0\x00', 0x0, 0x10, 0x20, 0x9f, 0x6, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x68, 0x0, 0x8f, 0x4, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, {[@generic={0x44, 0x2}]}}}}})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
r3 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_S_OUTPUT(r3, 0xc004562f, &(0x7f0000000040)=0x80000001)
r4 = gettid()
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xefffffea]}, 0x0, 0x8)
timer_create(0x3, &(0x7f000049efa0)={0x0, 0x14, 0x4, @tid=r4}, &(0x7f0000044000))
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16)
r6 = userfaultfd(0x801)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000146000/0x4000)=nil, 0x4000}, 0x2})
ioctl$UFFDIO_WRITEPROTECT(r6, 0xc018aa06, &(0x7f0000000040)={{&(0x7f000040a000/0x800000)=nil, 0x800000}})
rt_sigsuspend(&(0x7f00000005c0)={[0x8]}, 0x8)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r8, 0xc004743e, &(0x7f0000000000)=0x3)
ioctl$PPPIOCSPASS(r8, 0x40107447, &(0x7f0000000140)={0x1, &(0x7f00000016c0)=[{0x6, 0xfc}]})
ioctl$PPPIOCSDEBUG(r8, 0x40047440, &(0x7f0000000040)=0x29)
write$ppp(r8, &(0x7f00000005c0)='6\x00', 0x2)
ioctl$UI_ABS_SETUP(r7, 0x401c5504, &(0x7f0000000340)={0x42e0, {0x1, 0x0, 0x0, 0x1, 0x0, 0xffff}})
ioctl$UI_SET_EVBIT(r7, 0x40045564, 0x3)
write$uinput_user_dev(r7, &(0x7f0000000380)={'syz1\x00', {0x1, 0x2, 0x1f7, 0xb06}, 0x25, [0x1000, 0x10001, 0x80, 0x10, 0xc, 0x827, 0x0, 0x1, 0xcf1, 0x2, 0x0, 0x8, 0x6, 0x100, 0xc776, 0x20000007, 0x7, 0xd, 0x7f, 0xfffffffd, 0xfffffffd, 0x6, 0x2, 0xa, 0xe, 0x1, 0x80000000, 0x104, 0x8, 0xb, 0x4, 0xa9, 0x956, 0x1, 0x88, 0x4, 0x8000, 0x7, 0xa, 0x0, 0x9dd, 0x0, 0xf82d, 0x80000000, 0x7, 0x2, 0x7fff, 0x1f524c9c, 0x40000000, 0x6, 0xb05, 0xc, 0x5, 0x5, 0x6, 0x23, 0x0, 0x3, 0x0, 0x9, 0x5, 0x6252, 0x0, 0x3fcc], [0x800, 0x96, 0x2fd1d58, 0x0, 0x401, 0x4, 0x1, 0x8, 0x7, 0x80, 0xfff, 0x2f, 0x9, 0x0, 0x10001, 0x0, 0xfffffbff, 0x6, 0x100, 0x7, 0x7fffffff, 0x1, 0x8001, 0x800, 0xd, 0x20000005, 0x1000, 0x8, 0x1, 0x9, 0x80000000, 0xc, 0x1, 0x0, 0xfa, 0x7, 0x9f9, 0x1, 0x2, 0xb342, 0x2, 0x451f, 0x1, 0x605f, 0xb2, 0xd4e5, 0x3, 0x80000001, 0x1, 0x2, 0x8, 0x0, 0x8, 0xa, 0x101, 0xca8, 0x0, 0x7fffffff, 0xfffffffe, 0xffffff81, 0x5, 0x7, 0x5, 0xff], [0xfffffff5, 0x0, 0x0, 0x1dd, 0x6, 0x0, 0x80000349, 0x10000000, 0x80000001, 0xcb4, 0x4, 0x587a, 0x0, 0xe, 0x100, 0xa0000000, 0x6, 0x5, 0x4, 0x9, 0x6, 0x5, 0xcc, 0x7, 0x200, 0x8, 0x6, 0x6, 0x3, 0x10001, 0x7fff, 0x1, 0xfb, 0x2, 0x5, 0x1, 0x0, 0x1fd, 0x6, 0xf, 0x4, 0x1000002, 0x1000, 0x1000fa, 0x5, 0x2, 0x6, 0x0, 0x2, 0x3, 0x9, 0x0, 0x7, 0x4, 0x8, 0x2, 0xff, 0x0, 0x6, 0x7ff, 0xd, 0x7, 0x3], [0x2e, 0x9, 0x1000001, 0x1d47, 0x5, 0x0, 0x4, 0x0, 0x4, 0x2b, 0x6, 0x81, 0x8, 0x5, 0xd, 0x1, 0x7fff, 0x3, 0x4, 0x5, 0x2acd684b, 0x2, 0x0, 0x80000000, 0x9, 0x4, 0x41, 0x7, 0x2, 0x7fff, 0x80, 0x6, 0xda, 0x200, 0x0, 0x6, 0x6, 0xa0000, 0x5, 0x4, 0x8, 0x8, 0x5, 0xffffff2d, 0x8, 0xff, 0x6, 0x9, 0x8cb3, 0x7, 0x400, 0x7, 0x10000, 0x1c0000, 0x8, 0xaa3, 0x38e5, 0x0, 0x5, 0x2, 0x1, 0x1, 0x6, 0x4]}, 0x45c)
dup3(r2, r1, 0x0)

6.567601388s ago: executing program 4 (id=13248):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet6(r1, &(0x7f00000003c0)={&(0x7f0000000000)={0xa, 0x4e21, 0x80000, @dev={0xfe, 0x80, '\x00', 0x42}, 0xfffffffe}, 0x1c, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="2400000000000000290000003200000000969b9bce0000000000ffff00000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x28}, 0x40e0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="1400000016000b43d27a80648c2594f90924fc60", 0x14}], 0x1, 0x0, 0x0, 0x600}, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xd000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
ioctl$KVM_CREATE_DEVICE(r5, 0xc018aec0, &(0x7f00000000c0)={0x1})
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000380)={0x2, 0x0, 0x0, &(0x7f0000000280)=""/233, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000001c0)={0x0, 0x1, 0x0, &(0x7f0000000700)=""/88, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000001c40))
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x20000)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r6, &(0x7f0000000200)={0x2, 0x4e20, @multicast2}, 0x10)
connect$inet(r6, &(0x7f00000002c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
sendmsg$inet(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000000c0)="c962", 0x2}], 0x1}, 0x4004045)
r7 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
sendfile(r6, r7, 0x0, 0x7ffff006)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000fe6000/0x14000)=nil, 0x14000, 0x0, 0x0, 0x0, &(0x7f00000001c0)=""/174, 0xae, 0x0, 0x0}, &(0x7f0000000100)=0x40)
ioctl$KDGKBLED(0xffffffffffffffff, 0x4b64, &(0x7f0000000240))
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x101201, 0x0)
fcntl$dupfd(r1, 0x406, r8)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)

5.484914911s ago: executing program 4 (id=13253):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000130d00"/20, @ANYRES32=0x0, @ANYBLOB="d11101000000000008000500", @ANYRES32=r1, @ANYBLOB="140012800c0001006d6163766c616e"], 0x3c}, 0x1, 0x0, 0x0, 0x4004014}, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0)

5.393317573s ago: executing program 4 (id=13254):
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a3b370086d04ae08581101020301090212000d000000000904"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x39515a625330a8f9}}, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, &(0x7f0000000140)={0x14, &(0x7f0000000080)=ANY=[@ANYBLOB="000c1f0000001f0e96d08b829dd1e55fe52273733137e41f29e76786406e3b5bd67cd11b78"], &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3c0a}}}, &(0x7f0000000440)={0x34, &(0x7f0000000200)={0x40, 0x0, 0xff, "dd6975680297c63f9977327b4c42fe4d39f1769e6a9e322e9e84e6bb9a1ac01f641e8a25f5739a9eded09ed83fd32cf8b61fdf6882ec3e57e1854624321840d1cc1f80ebc60ba652363d698897c477472f0ae76c1d0ce72e1f72570781f94f3acbb28c3ac96c3f97a31ea1888d41a487e7625d45a2c563c99b817cf087530d59610f79ddfdf668958c78f20cbe27ab62a3d6a416d9433081d6c99a5ba572ef2dfef6acd5eed67686d5fe17c2a2c7acacdf28663140c2437ce323de27a195c3c5164559201540111fc5769ae1c85bae8f6770a30d2e59fdcb1dc8a446b227518056805f0929e9ce71e72f32f7fd67a36069ab7ae70c8c6bdd58205bb467a47d"}, &(0x7f0000000180)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x40}, &(0x7f0000000380)={0xc0, 0xa1, 0x4, 0x9f}, &(0x7f00000003c0)={0x40, 0xa0, 0x4, 0x10001}, &(0x7f0000000400)={0xc0, 0xa2, 0x2f, "7db86d7f521a6c09b07ef99868e6bbfa29d5a1750ebc8d9bd8c07bed55ea4323d0abe69e3c963cc7755602ec17dda2"}})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_disconnect(r0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_usb_control_io$hid(r0, &(0x7f00000006c0)={0x24, &(0x7f0000000480)={0xc74acf1dd1f96491, 0x1, 0x69, {0x69, 0xe, "748eeba616dd46a1a421cf700092080c4a39c8cd11438ad98ce3a53f44ec4bb65964167a978cac38410d43449f974317e5c5db6543f0a9957108b9db60d226715295502b889c8169ee473f0551765815e857a0383fcfb90f9cb88098a8f677409f3172d66bbef7"}}, &(0x7f00000005c0)=ANY=[@ANYBLOB="00032e0000d4e33b067b6cbe2f8363ceb58895edb5cdcdcab3f84f04a3792e99167600000000"], &(0x7f0000000640)=ANY=[@ANYBLOB="00220f0000003952f49c0193e5709cc392e2402989"], &(0x7f0000000680)={0x0, 0x21, 0x9, {0x9, 0x21, 0x4, 0xe, 0x1, {0x22, 0xd9a}}}}, &(0x7f0000000880)={0x2c, &(0x7f0000000700)={0x20, 0x14, 0xd, "07b17c16a6f25d97fd00922d1c"}, &(0x7f0000000780)={0x0, 0xa, 0x1, 0xc}, &(0x7f00000007c0)={0x0, 0x8, 0x1, 0x39}, &(0x7f0000000800)={0x20, 0x1, 0xf, "e75861115412aa3cbaa99a6e28c124"}, &(0x7f0000000940)={0x20, 0x3, 0x1, 0x1}})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x8000, 0x5, 0x4000000, 0x0, 0xd304}, 0x8, 0x1, 0x3ff, 0x7, 0x7f, 0x5, 0x8, 0x16, 0x1, 0x6, {0x7, 0x7, 0x8, 0x80000001, 0x6f0f88ae}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
r5 = socket$unix(0x1, 0x0, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000008c0)=@mpls_getnetconf={0x44, 0x52, 0x2, 0x70bd26, 0x25dfdbfe, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x401}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0xc}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x3}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x2c12}, @IGNORE_ROUTES_WITH_LINKDOWN={0x0, 0x6, 0x2}, @NETCONFA_IFINDEX={0x8, 0x1, r4}]}, 0x44}}, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000022c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0xf7513c36066f8950}, 0x20000000)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000600), 0x56)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)

4.117884149s ago: executing program 5 (id=13257):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc048aeca, &(0x7f00000004c0)={0x1, 0x0, [{0x40000070, 0x0, 0x6}]})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
socket(0x10, 0x3, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setfsgid(0x0)
ptrace(0x10, r3)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4004804, &(0x7f0000000180)={0xa, 0x4e24, 0x7, @mcast2={0xff, 0x5}, 0x3}, 0x1c)
r4 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc)
setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f00000001c0)=ANY=[@ANYRES16=0x0], 0x18)
syz_emit_ethernet(0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="0180c20000000000000000000800450000280064000004029078000078e0000002ebffff070000000400000007000000000000000000e6fbb0183536aec031441a287cfd5ae9eb84f466dd5d98250567fe4e5ef43e84d666e73f720bcd28fb1d0357c2092371ae47744bf2ed63f7fbcb1b27ac07611e7b9bac97f39cc5459f765a0775bc67969c03ce05bd5a3a717bab9282724d33c867b061f5c02cd77d1580eab7c095d4fdbde34563a3f2bec6ef472c09da85b2af35861abb0fe6fc206ae74a8b7317b5cbc81ac7b442d811c3f7"], 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000240)={0x1, &(0x7f00000000c0)=[{0x6, 0x4b, 0x7, 0x7}]})
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x13, r7, 0x2000)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0)
preadv2(r8, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1013}], 0x1, 0x0, 0x20000000, 0x1f)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, 0x0)
r9 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r5, 0x40182103, &(0x7f0000000080)={0x0, 0x1, r9, 0x3, 0x80000})
r10 = syz_clone(0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r10, 0x0, 0x8)
waitid(0x0, r10, 0x0, 0x8, 0x0)
r11 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
r12 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010003b15000800"/20, @ANYRES8=r4, @ANYBLOB="0431000000b401001c0012800b00010067726574617000000c000280080001001702"], 0x3c}}, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r11, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x550, 0x40, 0x180, 0x0, 0x4, 0x2, {0x0, 0x9, 0x1}, {0x350, 0xffff, 0xffffffff}, {0xf4ef}, {0x4, 0x4000000, 0x7fe}, 0x1, 0x100, 0x0, 0xd614, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x20, 0x0, 0x0, 0x0, 0x100, 0x0, 0x4})

4.04120367s ago: executing program 3 (id=13258):
r0 = socket(0x11, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'gre0\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @remote}, 0x14)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000100)={'veth1_to_bridge\x00', {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xe}}})
ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f0000000080)={0x5, 0x2})
close_range(r3, 0xffffffffffffffff, 0x0)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000200)=0xe9, 0x4)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05fa651ba00000000000010000000900010073797a30000000002c000000030a03000000000000400000010000000900030073797a32000000000900010073797a300000000054000000060a01040000000000000000010000002c00048028000180080001006e6174001c00028008000540000000040800014000000001080002404d89000208000b40000000000900010073797a30"], 0xc8}}, 0x0)
open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
r5 = socket(0x1e, 0x1, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xfd01}, 0x8)
connect$tipc(r5, &(0x7f0000000040)=@id, 0x10)
sendfile(r1, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
syz_clone3(&(0x7f0000000900)={0x0, &(0x7f0000000040)=<r7=>0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_setup(0x8, &(0x7f0000000600)=<r8=>0x0)
io_submit(r8, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r7, 0x0}])
open$dir(&(0x7f00000003c0)='./file0\x00', 0x0, 0x88)
sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)=ANY=[@ANYRES64=r3], 0xdd12}], 0x1}, 0x0)

3.715631454s ago: executing program 3 (id=13260):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000040)={0x9, 0x5, 0x20ffd})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r2, 0x100000000)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110c230000)
ioctl$TUNSETOFFLOAD(r4, 0x80047441, 0xf0ff1f00000000)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x9f)
mmap(&(0x7f0000478000/0x1000)=nil, 0x1000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x60, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x38, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)
recvmsg(0xffffffffffffffff, &(0x7f000000c1c0)={0x0, 0x0, &(0x7f000000c080)=[{&(0x7f000000acc0)=""/4096, 0x1000}, {0x0}], 0x2}, 0x20)
close_range(r0, 0xffffffffffffffff, 0x0)

3.480681262s ago: executing program 3 (id=13263):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)={0x110, r0, 0x400, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_QOS_MAP={0x12, 0xc7, {[{0x6, 0x1}, {0xb, 0x5}, {0x8, 0x3}], "a39baa6348d9e3e9"}}, @NL80211_ATTR_QOS_MAP={0xc, 0xc7, {[], "9e750296fdd435ab"}}, @NL80211_ATTR_QOS_MAP={0x24, 0xc7, {[{0x4, 0x2}, {0xf7, 0x3}, {0x8, 0x2}, {0x7, 0x1}, {0x5, 0x4}, {0x9, 0x1}, {0x5, 0x4}, {0xcf, 0x4}, {0x7, 0x2}, {0x3, 0x7}, {0x6, 0x1}, {0x10, 0x4}], "1f5413777ff9837f"}}, @NL80211_ATTR_QOS_MAP={0x2a, 0xc7, {[{0x2, 0x5}, {0x4, 0x1}, {0x2, 0x6}, {0x9, 0x6}, {0x0, 0x4}, {0x3, 0x3}, {0xe, 0x4}, {0x7, 0x1}, {0xbd, 0x3}, {0x3, 0x3}, {0xbc}, {0xc1, 0x6}, {0x4, 0x6}, {0xd, 0x4}, {0x0, 0x4}], "627d82e4b9bcb75a"}}, @NL80211_ATTR_QOS_MAP={0xe, 0xc7, {[{0x40, 0x3}], "20f3765c9d0dc046"}}, @NL80211_ATTR_QOS_MAP={0x24, 0xc7, {[{0x20, 0x2}, {0x10, 0x92}, {0x2}, {0x7, 0x3}, {0x4, 0x4}, {0x3a, 0x7}, {0x4, 0x5}, {0x80, 0x3}, {0x81, 0x6}, {0x1, 0x6}, {0x1, 0x3}, {0x1b, 0x4}], "8ad887535c3514c0"}}, @NL80211_ATTR_QOS_MAP={0x28, 0xc7, {[{0xc3, 0x6}, {0x7, 0x5}, {0x2, 0x5}, {0x4, 0x4}, {0x6, 0x5}, {0x6, 0x1}, {0x81, 0x1}, {0x6, 0x2}, {0xff, 0x7}, {0x7, 0x7}, {0x2, 0x7}, {0x5, 0x7}, {0x6, 0x4}, {0x3, 0x7}], "57ce1e66666c756f"}}, @NL80211_ATTR_QOS_MAP={0x28, 0xc7, {[{0x5, 0x1}, {0x7, 0x7}, {0xa1}, {}, {0xc, 0x1}, {0x80, 0x3}, {0x2, 0x1}, {0x9, 0x3}, {0xc}, {0x2, 0x5}, {0x0, 0x6}, {0x5, 0x3}, {0x2, 0x1}, {0x8, 0x5}], "bb6eca1f675bd6a4"}}]}, 0x110}, 0x1, 0x0, 0x0, 0xc084}, 0x40804)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0xa4d8, 0x1, 0x74, 0xd}, {0x8, 0x7f, 0x47, 0xfffffffb}, {0x0, 0x5, 0x74, 0x5}, {0x28, 0x7, 0x6, 0xfffffff7}]})
close_range(r3, 0xffffffffffffffff, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000002200)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x28, r0, 0x1, 0x70bd26, 0x0, {{0xa}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x6}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

3.44299934s ago: executing program 3 (id=13265):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="bf16000000000000b70700000900f0ff4070000000000000500000000000000095000000000000002ba728041598d6fbd30cb599e8c73d24a3aa81d36bb3019c13bd23212fb56fa54f26fb0b71d0e6adfefc41d86bd917487960717142fa9ea4318123741c0a0e168c1886d0d4d94f2f4e345c652ebc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc8ce974a22a550d6fd70800c86ae3b3e05df3ceb9fc4740a4def23d410f6296b32a8343881dcc7b1b85f3c3d44aeadcd3641110bec4e93a6341965c39e4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee6f867ddd58211d6ececb0cd2b6d357b8580218ce740068725837074e468ee23fd2f73902ebcfcf49822775985bf31b715f5888b2c81f96a810b900000000c52ac17cbc97a616811a4c2dc3470009b966abaf41939aeca3e7b00c2e9d5db7a34fe2a29ac88c360a878a2b9ab9440c1961e80477166f3f847e855cdddc941d996d61ea0ce23b37e9d21c849d1e1e53087a3b109012e3a3ecbd219265048bf5c72b7ba2826b73323301b4bc94d0e4afde44867d71049a7c89bc617e215571ac910d8005000000000000006c34d2342806960b6bcb00000000000000000000000000113ee640b9ed0304a0bfb125204d30990361bf45ef45277a167cd2b00437e070b004c5aa90766538b4fe45a16f14b270904d36eaa87508ac6d46639b3971ac6a88dc531fcc5ffc6b76b334795d88156336a9a452a9022485bb572dacb7aa25f748bc75918a16d9d5ae21004cd799ac4951beb2c6c9b5baf60081b86cc2e31c49f4ea055fb3639036c95c69b1ae60e685d486dbd1d5e7d0daacd73acfc80b9c9c92000000000000000000000000000091bd1a7398248ed5a93752567682bbda235299fd8a7d447ecfe6a09c3afee6afa0d15522e81f28c3fc11fff52eb98cbe889bad6c2965dd2c08041fd7049803012b92030d3e64632cef321315e1c56dd531eed7af48"], &(0x7f0000000140)='GPL\x00'}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000019700)={r0, 0x0, 0xfffffffffffffffc}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000000340)={0x10, 0x0, 0xfffffffc, 0x10000000}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000)=0x5, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000640)=0x1802, 0x4)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x20132, 0xffffffffffffffff, 0xb299f000)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000002c0)={0x4c, 0x0, &(0x7f0000000140)=[@reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f00000000c0)={@flat=@handle={0x73682a85, 0x1}, @fd={0x66642a85, 0x0, r1}, @fda={0x66646185, 0x2, 0x2, 0x2d}}, &(0x7f0000000040)={0x0, 0x18, 0x30}}, 0x400}], 0x9a, 0x0, &(0x7f0000000200)="9a7872695ed6b9bd5fc7312f80759cd457f7749c5710e3a49faa485b8d639ed03e71fd96602cea0ba4ecc7c0b22e71c59633bdca8e17070a6695e45c2ac8244dae04e6ae9ae214bc4a46d4f1b188835bb296836565ca6ee6525f6c35b77242e05b22766094df968e9921a130730ef14b06a11901f43b0beab9ad9d81c53ed54b8c845d40d1f20d6277207a2c2fae24659a5df50299d0e9fc570d"})
pipe2(0x0, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0)
r4 = dup(r2)
write$UHID_INPUT(r4, &(0x7f0000001980)={0x765, {"a2e3ad084fc752f91b2909094bf70e0dd038e7ff7fc6e5539b3266078b089b39353b0e1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b33300d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0xfd, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x804)

3.282923443s ago: executing program 1 (id=13267):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000900), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r1, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000940)={0x4c, r2, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0xa}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x20000801)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@local, 0x2, 0x0, 0x1, 0x8, 0x3, 0x7}, &(0x7f0000000040)=0x20)
r3 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r3, 0x29, 0x1d, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)

3.208898652s ago: executing program 1 (id=13268):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3cd2e7b3d6526bf5}}}, 0x68}}, 0x0)
r1 = socket$kcm(0x2, 0x3, 0x84)
sendmsg$inet(r1, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001640)="5346f7f875528ef24043c68e", 0xc}], 0x1}, 0x0) (fail_nth: 7)

2.861499959s ago: executing program 5 (id=13269):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000000)={0x0, 0xc3, &(0x7f0000000040)={&(0x7f0000000140)={0x4c, r2, 0x1, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x60}, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x2}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)

2.83020614s ago: executing program 1 (id=13270):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @private1={0xfc, 0x1, '\x00', 0x50}, 0x1}, 0x77) (async)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @private1={0xfc, 0x1, '\x00', 0x50}, 0x1}, 0x77)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) (async)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000000)=@ccm_128={{0x304}, "b39625e03be22ead", "8da0640c9e8f6b81143f1a1a6d81ee2b", "3b0e7088", "19a4216dfdbf6602"}, 0x28) (async)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000000)=@ccm_128={{0x304}, "b39625e03be22ead", "8da0640c9e8f6b81143f1a1a6d81ee2b", "3b0e7088", "19a4216dfdbf6602"}, 0x28)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "fbe3342737b5cb53", "dff2362f4dd11991efd377216a85a1ac", "70aaddbb", "fdb80a7cf9c36f33"}, 0x28)
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0x5, 0x4}, &(0x7f0000000180)=0x5e)
open(&(0x7f0000000340)='./file0\x00', 0x280700, 0x1) (async)
r1 = open(&(0x7f0000000340)='./file0\x00', 0x280700, 0x1)
close(r1) (async)
close(r1)
setsockopt$sock_int(r0, 0x1, 0xa, &(0x7f00000001c0)=0x2, 0x4)
r2 = socket(0x21, 0x80a, 0x8)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00'})
r3 = socket$kcm(0x11, 0x200000000000002, 0x300)
openat$nci(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) (async)
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r5=>0x0)
socket(0x22, 0x3, 0xfffffffd) (async)
r6 = socket(0x22, 0x3, 0xfffffffd)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0xa, 0x0, 0xd7c4, 0xfffffff9}, 0x10)
write(r6, &(0x7f00000000c0)="240000001e005f0214fffffffffffff8070000001d00000000000000080009000d00ffa6", 0x24) (async)
write(r6, &(0x7f00000000c0)="240000001e005f0214fffffffffffff8070000001d00000000000000080009000d00ffa6", 0x24)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r5, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
read$FUSE(r4, 0x0, 0x0) (async)
read$FUSE(r4, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000000)=0x63)
r7 = socket(0x10, 0x803, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r7, 0x40086602, &(0x7f0000000040)={0xfffffffffffffffd, 0x8, 0x0, 0x3})
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r0)

2.692255511s ago: executing program 5 (id=13271):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003700), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000003b40)={'wlan0\x00', <r2=>0x0})
pipe2(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={r4, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000080)=[0x0, 0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000140)=[0x0, 0x0], 0x0, 0xda, &(0x7f0000000180)=[{}, {}], 0x10, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0xf8, 0x8, 0x8, &(0x7f0000000280)}}, 0x10)
sendmsg$nl_route(r4, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x208400}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=@ipv4_newaddr={0x20, 0x14, 0x4, 0x70bd25, 0x25dfdbfe, {0x2, 0x1, 0x16, 0xfd, r5}, [@IFA_RT_PRIORITY={0x8, 0x9, 0x9}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000000)=0x10000)
write$P9_RGETLOCK(r4, &(0x7f00000000c0)=ANY=[], 0xffffff6a)
pipe2(&(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x800)
fcntl$setstatus(r4, 0x4, 0x52c00)
splice(r3, 0x0, r7, 0x0, 0xffffffffffffffff, 0x1000000000000000)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f00000095c0)={0x0, 0x0, &(0x7f0000009580)={&(0x7f0000009340)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000fcdbdf253b00000008000300", @ANYRES32=r2, @ANYBLOB="080026006c09b80100080211000001080211000080c80000fc000601010101010108009f000300000008009f00060000000f00"/61], 0x60}, 0x1, 0x0, 0x0, 0x4004000}, 0x8c0)

2.559893461s ago: executing program 5 (id=13272):
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b18, &(0x7f0000000000)={'veth1_to_batadv\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000007c0)=ANY=[@ANYBLOB="bf16000000000000b70700000200f0ff4070000000000000480000000000e1ff95000000000000002ba7e1d30cb599e83f040000f300000000bd01212fb56f040026fbfefc41056bd8174b79ed317142fa9ea4158123751c5c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8206ac6879fc404004900c788b277be1cb79b0a4dcf23d410f6accd3641110bec4e90a634199e07f8f6eb968f200e011ea665c45a3449abe802f5ab3e89cf6cfdffffffb8580218ce740068720000074e8b1715807ea0ca469e468eea3fd2f73902ebcfcf49822775985bf313405b367e81c700000040000000000200000000005335000000143ea70c2ab40c7cb70cc8943a6d60d7c4900282e147d08e0af4b29df814f5691db43a5c00000004000000000089faff01210cce39bf405f1e846c12423a164a330100846f26ad03dd65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d6155102b1ced1e8019e63c850af895abba14f6fbd7fb5e2a431ab914040000000000010092c9f4609646b6c5c29647d2f950a959cf9938d6dfcb8ed2cbdc2ba9d580609e31c3fa90812a533ce206e7e57a79d6fce424c2204dd418c005479ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d05d988d6efdffdf48dca02113a38300cabf2b5543ffc166955709009e000000000061629d1822f720ec23812770d72c700a44e113d17088fdd00600000f7889b8c7044f56ff030000000000006cd4970400cac6f45a6922ded2e29514af463f747c08f4010586903500000000000000000000be34cf0f9d640dd782ac0cbc46903243d0d0f4bc7f253d0500000032daaf281c450e64c33aac8ff7e7d1c94c4505a9839688b008c370494f6734b771546d9552d3bb2da0d000000000000000009125c97f0400f5e1671bc5eb7739daa7820a91cb0e732df2ae1d39c747e00a4fbfe8942fa859cd28bdaa1509309926c77fbcb15ec58b42b400005a6b649dd5f13cd776e6c7c4b5c4b0de20e033b378553ead4c8cc530b62c36364e6505992209bdbc6203da7a3797246a6adef071102f0aa2c40095ddd05176f5cb8bd99e1ba0f9568f3e3876bba7bf973334e7919a080000000000000004fb996ad919f7e9672ce107000000ad882f2aead166c94500be902ee7dabc768eb9ec13f334aae90981ecaf5f744f22f2e45afe2c9e8632276cffe5f1fc215c0797d0244cf1ce269d10525745caaa3f77d1b80116cb9a38400242010000000100000091a0116f4693133138583da5e10b434697b0443b7b4ddfb3ace29e16e5a881336aad0974269a1025f2a9a135c0508af1aec2926627b43bba1229a7466bdca64f514b7911458da083e8681916d408d753226a83ae2434ccd3fc508216aea86833030f569d61dc998620fcf4eeb92e7bc511df63c53b82514493b8f3c74f44ba184d40e87612024da1a1ebe316923865f037c01d71b5de81121046d84b18acb5cbea7eecad9b6dd46ed83515cd9f140e5f00019be25b5910a3193e90be231a05fd82e6003969c3f081ff1d0eb50a04d14644234828cbb5aaa0ece702abdd425fa25ae04a2315c89064df633700000000d9e5953ea67310993d01000000000000003ac753358791b1490273ca535e05b11d815237743a5b79ad45de2a3c91257f02c2f30f5513662809073710937ed0055b238f466e1442f8ec7a5b394228035039ceeb452dca75f9ff5332b4c4777a58a0aa9a821667c68549e9da89ad4274ce2d3d7619936768a84a1465fff4eedba55955434f132ab7b8840558b3f918d675a79907a72a8252cd3fbaea5d3006a03507838231a335ae759ed25534f2e90a7def4b3d4af7fd47ab1a701e4b7a7dfc1d12775ed0a31bc7b5855880aa767e68196c7aa5ac115724b6cb8fcebb67719eccd87b06b38566cf61ad2f307a79d2ce9801837bf0bd3af0271de700eef2795d28cb0017000000000000000000e052d93194121b774d21a0317d0346078400004652c769fd3d3e661a2fb5ff0f000002ab2ac4eb3f19c042163e0bdb88b82de384a8055e8b1e24294b0546cce481ff5618b7b9585dbb64d66debf219fa479abf22f3d64fe82e466ea6f27859946e72f80bb1c9cfcde57b79625e2979fe689a5a246cbbdf6ad488f43f46b2536f175f46dfb27d5229467270246ab53616c46edf34c559d3de0c59ca3305e66825715e5e4cd5b54c1b05c09f04337a76a30373baac3ecec91fd546eb7c32dbecb18a308a0004be94dfab28c2a51dc856df0000000000c12254f041804f7f7074356789b1d4dd55f3e045a48241a4ce04d06acb2cf11eab759ba78da5da0f26126d4cf2c73e5f94030000040000000000000000c301985d603403592486204054be3fdda91f9e315886941928e5a8bc1a00e69a98c0a8f7192f6ee93cc4124cf4e7610915efc08c834a44e1d685d6835a40b5bc615949cbcd98d0e68d7eef5d32d5fcc7923d7544fa492aa38717481455e86dcd7816ad8940bd1995369d89ae6eadeb9117e8b94ab422c8d62f858875dccdbc89572231ef5d6df6a9c55f8df763c7c64da7cc017e1e3f5cd4cb9fe6d19b11d4d38239d318016e622b9683b7e46be64dc097982e23462392a0cd05afb2e060fd42ef00dfbd057311aab94f307d10c7a1af0d8e5a0fcb547475d13c0000000000000000f1cc97103d714d1abb901f866d9d629b4fb185f45790517c4a0f5c6a5024e3359e8d83e3f6edf9e2afb5ab59c7b2b45cfb0a3c1303a98e4ed531ac11cca1cd744b431de74c7cd6533adaa8ec749061b2959d53da626aa189781dc1be4d5c81aebc0cada819895b377d6cf0a7878ba99864ae84464744c605646caf2e06b13eba7ba10acf77d91b2297e9573abb0a4da534d735a223626402b308daf7835780fa6f4e410000000000fb00000000000000000000b14952139bd4bdbccc5e334c49584655c4fce8c5bb7c54664aef6d780100358aa54b4b49926c4be9ee4659153d9fa95d07cc4efdab2c5f4503148d0255d0b748366dafe042d78479c21d832e1431ed6d646d13e8e7230300920a5642bbed1dee9b46b6f02e572024ccf3c8edd82660e5d74c22e46af480c300000000000000000000000000000000000044ff72f96f084f4b6cdcb1b4a9d8e9f99f1b85497d0c3df704c8a0034c09caeeb0e34799b755649883539258a7b33dcef15d8fd1953ebaaa3cff81a0de7a05a440f20f6b273ceb8678f10378b670be7504dabd1471355d853292775d0366891f0bcf0a6087ed4f1f25ef52394db3e9d8318bbb9baff3db95bfd68a08ded502cc08a485c804e4fd107a7ca2a64ca081c6b2f7b895cdf98b763ebab9451c65eced6f5f97a541210806d885762ac3150225036c7eccd7a05593abd963f9a02df58085115e54f675e6a08d25b5722cabf989b4bbc562e073b81bae61f05c5e1f90e021340b60cc5fb8fdb09b6d20b0d87a6ed800000000000000000000000000000000006cc6f64f583a26a78f7f417f66c0af32f5194ddfce51e5aff28f621bb2fd2a5ab719823488d6e869b08d3d4ac7950c60144cf77437e29895a23282e3c65e015d1c334832a90ee77d93596e3f12e9ca8c67c7f3c9b66c9cb03edec184ad1d9544c7a3be250e471dca00000078544d79c0efe4094e561eeb26ee4c81106d03c004bc1589ef6e13648999c8735e2634e89aaa90c571fa3c07238697b1db783c52715055445e96995fe3273b0346b03fc742c06aa3947e0d9cf0c99b5e245ede85893112deea8bd3355a32ec15e1242f170a51f28cea4105541e96a52da4984d26bd29cb0623f00c6b0a4c00ad406d729babc9d1550a683c349017a340444000000000000000000000920ca49f7cc8194aaebdcae5a62bb7587b57f41f1c2034911f23e6bd0291b3319f03a0a15dea685a8ab75b3c60391afa5483231305402b52a8f98638009c142751518f73a847ca583e855d70c6a4a53f61ad753d5e740db44afd32b019d9e8b41361c2c1b9a8a1"], &(0x7f0000000140)='GPL\x00'}, 0x94)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000001340)=@raw={'raw\x00', 0x8, 0x3, 0x500, 0x340, 0x11, 0x148, 0x340, 0x0, 0x468, 0x2a8, 0x2a8, 0x468, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @fd={0x2, 0x0, r1}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x11, 0x0, 0x0, 0x0, '\x00', {0x7}}}}, {{@uncond, 0x0, 0xe8, 0x128, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@osf={{0x50}, {'syz0\x00', 0x0, 0xd, 0x0, 0x2}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x5, 0x3, {0xff}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x560)
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fremovexattr(r2, &(0x7f0000000000)=@known='system.posix_acl_default\x00')
syz_open_dev$hidraw(&(0x7f0000000180), 0x8, 0x80001)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a100efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb72b4b996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"})

2.471092493s ago: executing program 1 (id=13273):
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000200)=0x6)
read$dsp(r1, &(0x7f00000000c0)=""/108, 0x6c)
write$dsp(r0, &(0x7f0000002000)='`', 0x88020) (fail_nth: 7)

2.416073974s ago: executing program 5 (id=13274):
getsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x1d, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
futex(0x0, 0xd, 0x1, &(0x7f0000000440), 0x0, 0x1)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
fcntl$F_SET_RW_HINT(r3, 0x40c, &(0x7f0000000080)=0x1)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x8000000000000035, 0x0, 0x10000000215b9037, 0x40180, 0x1, 0x11, 0x8000000000f2, 0x0, 0x7, 0x5, 0x5, 0xc6bd, 0x566, 0x45, 0x80000000005, 0x7], 0x6006, 0x1c0293})
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000040)={0x2, 0xa000, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10)
setsockopt$inet_int(r5, 0x0, 0xf, &(0x7f00000009c0)=0x1238, 0x4)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000001000000280001801400040000000000000000000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)

2.070443664s ago: executing program 0 (id=13275):
r0 = memfd_secret(0x0)
ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000540)=""/200)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000080)
socket(0x10, 0x803, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@newlink={0x70, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x50, 0x12, 0x0, 0x1, @gre={{0x8}, {0x44, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x8, 0x6, @local}, @IFLA_GRE_ERSPAN_DIR={0x5}, @IFLA_GRE_TTL={0x5, 0x8, 0x2}, @IFLA_GRE_OFLAGS={0x6, 0x3, 0x1}, @IFLA_GRE_PMTUDISC={0x5, 0xa, 0x1}, @IFLA_GRE_REMOTE={0x8, 0x7, @private=0xa010100}, @IFLA_GRE_REMOTE={0x8, 0x7, @loopback}, @IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e22}]}}}]}, 0x70}}, 0x800)
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0xb, @private1, 0x9}, 0x1c)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r3, 0xfffffffc)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x100, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000500)={'geneve0\x00', &(0x7f0000000280)=@ethtool_link_settings={0x4d, 0x400, 0xf, 0x80, 0x0, 0x0, 0x0, 0x0, 0x20, 0x4, [0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x9], [0x8, 0x400, 0x10, 0x1]}})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x14}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x1}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000640)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000004c0)={&(0x7f0000000340)={0x40, 0x0, 0x100, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x9, 0x37}}}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x9}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xd4}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xa9}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x7c}]}, 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x4000080)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00'})
socket$netlink(0x10, 0x3, 0x0)

2.012891214s ago: executing program 1 (id=13276):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000130d00"/20, @ANYRES32=0x0, @ANYBLOB="d11101000000000008000500", @ANYRES32=r1, @ANYBLOB="140012800c0001006d6163766c616e"], 0x3c}, 0x1, 0x0, 0x0, 0x4004014}, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000540)={'bond0\x00', 0x0})

2.012476751s ago: executing program 4 (id=13277):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x48}, {0x6, 0x37, 0x0, 0x9}]}, 0x10)
socket$inet6(0xa, 0x3, 0x6)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x2a, &(0x7f0000000140)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @info_request={0xf, 0x0, 0x0, 0x81, 0x7}}}}}, 0x0) (fail_nth: 1)

1.919593933s ago: executing program 1 (id=13278):
r0 = syz_usb_connect(0x5, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff030000000905ba3e79"], 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r2, 0x5423, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000009500)=@newtaction={0xe68, 0x30, 0x0, 0x70bd27, 0x25dfdbfd, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1f, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{0x0, 0x401, 0x20000000, 0x1, 0x4}, 0x3c, 0x9}, [{0x10000, 0x80000001, 0x90b71e2, 0x6, 0x6, 0x9}, {0xb943, 0x0, 0x8, 0x7, 0x1, 0x6}, {0x4, 0x80000001, 0x9cb, 0x9, 0x4b, 0x3}, {0x80000000, 0x272f8ca0, 0x0, 0x400, 0x8, 0xde}, {0x9, 0x9, 0x1, 0xfffffff7, 0x9, 0x800000}, {0xa, 0xa, 0x1000, 0x7, 0x2, 0x2000}, {0x63, 0x1, 0x2, 0x1, 0x6, 0x1}, {0x4757, 0x5, 0x8, 0xbc64, 0x5b, 0x45ef}, {0x1f, 0xfffffffc, 0x1, 0x3, 0x2, 0x2}, {0x7ff, 0x400, 0x10000, 0x9, 0x1, 0x4}, {0x8, 0xa7, 0x40, 0x6, 0x2, 0x9}, {0x2, 0x6, 0x81, 0x7f, 0x2, 0xa}, {0x40, 0x1ff, 0xa, 0x3, 0x6, 0xbebd}, {0x8, 0x3ff, 0x0, 0x8, 0x5, 0x5}, {0x0, 0x4206, 0x7, 0x1, 0x9, 0xdf99caf9}, {0x1, 0x2, 0x9, 0xfffffffd, 0x8, 0x4}, {0xffff, 0x7, 0x9, 0xd, 0x7, 0xc}, {0x6, 0x6d4c, 0x2, 0x2, 0x7, 0x3}, {0x5, 0x8000, 0x3, 0xfffffff4, 0x0, 0x7}, {0x0, 0x424, 0x4, 0xffff0001, 0x2, 0xfffffffb}, {0x6d, 0x4, 0x3b79, 0x2, 0x4, 0x7ff}, {0x90e9, 0xc1e8, 0x80, 0x15, 0x8, 0xc79}, {0x398, 0x4, 0x8, 0x9, 0x8b1, 0xd8}, {0xc9, 0x9, 0x6, 0xf, 0x0, 0x28}, {0xa5, 0x0, 0x81, 0x800, 0x100, 0x7}, {0xfffffff8, 0x7, 0x0, 0x0, 0xab}, {0xc10b, 0x2191, 0x6, 0x9, 0x0, 0xbe}, {0x80000000, 0x2c2d, 0x400, 0x2, 0x3, 0x7}, {0xfe, 0x9, 0x9, 0x9, 0x7, 0x80}, {0x10000, 0x3, 0x7, 0x800, 0xffffffff, 0x1}, {0x7, 0x6, 0x7ffa328c, 0x2, 0x7b51, 0x8ce6}, {0x8, 0x212626f5, 0x2, 0x2, 0x8001, 0x2}, {0x7, 0x2, 0x7fff, 0x4, 0x7, 0x9}, {0x9, 0x5, 0x2, 0x4, 0x9, 0xe}, {0xfffffffe, 0x2, 0x354a657a, 0x7, 0x8, 0x8}, {0x1, 0x5, 0x9e2a, 0x0, 0x7, 0x3}, {0x7f, 0x5, 0x57b, 0x2, 0x0, 0x5}, {0x3, 0x3, 0x1, 0x3, 0x5, 0x9}, {0xff, 0x0, 0xfff, 0x8, 0x4, 0x9}, {0x2c, 0x2, 0x6, 0x10001, 0x2, 0x101}, {0x2, 0x0, 0x4, 0x6, 0x3, 0x10001}, {0xd, 0xfff, 0x5, 0x94, 0x2, 0x6}, {0x5d, 0x80, 0x4, 0x7, 0x11, 0x6}, {0x3, 0x5, 0xc8, 0x5, 0x18000000, 0x6}, {0xfffffffb, 0x7, 0x3, 0x9, 0x8001, 0x6}, {0x1, 0xb94, 0x800, 0xffffff49, 0x5, 0x9}, {0x95d5, 0x8, 0x8, 0x9, 0x1, 0x89bc}, {0x24, 0x1000, 0x7, 0x400040, 0x1, 0x1}, {0x6, 0x800, 0x0, 0x400, 0x10, 0x1}, {0x29a, 0x3, 0x4, 0x6, 0x7, 0x3}, {0x38000000, 0x5, 0x3e690dd2, 0x0, 0x49f, 0x8}, {0x9, 0x8, 0x7f, 0x9, 0x8, 0x8}, {0xfffffff6, 0x0, 0x2, 0x8, 0x1ff, 0x4}, {0xfffffff8, 0x6, 0xfffffffc, 0x7, 0x7, 0x1}, {0xc, 0x70c, 0xad8, 0x7, 0x355e7bd2, 0x7}, {0x5, 0x5, 0x1, 0xe3, 0x6ec, 0x3}, {0xff, 0x7, 0x66, 0xe, 0x9, 0x9}, {0x0, 0x0, 0x2, 0x1, 0x200, 0x8}, {0x32db, 0x1, 0x1, 0xffffffff, 0xe790, 0x9}, {0x2, 0x400, 0xfa, 0x9, 0x6, 0x1}, {0x7f, 0x1, 0x5, 0x8000, 0xffffffff, 0x8}, {0x1, 0xfff, 0x7f, 0x8000, 0xe, 0xc44}, {0x80000000, 0x9, 0x0, 0xf98, 0x9, 0x8}, {0x5, 0x1, 0x18, 0x0, 0x80000001, 0x9}, {0x0, 0x8, 0x3, 0x200, 0x5, 0x7}, {0x80000001, 0x2, 0x9, 0xc8, 0xfffffffc}, {0x5, 0x3b, 0x400, 0x4, 0x4, 0x3}, {0x7, 0x8, 0x1, 0x400, 0x9, 0x529}, {0x9, 0x16, 0x10001, 0x3, 0x1, 0xfffffffa}, {0x6, 0x74, 0xffffffff, 0x3, 0x1, 0x7ff}, {0x80000000, 0x9, 0x9, 0x0, 0x9}, {0xffffff97, 0xc, 0x9, 0x3, 0x1, 0x5}, {0xd, 0x4, 0xd, 0x3f, 0x2, 0x7}, {0xa, 0x4, 0x2, 0x3, 0x5}, {0x0, 0x283, 0x4, 0x6, 0x8, 0xee7}, {0x6, 0x7, 0x3, 0x0, 0x7f, 0x9}, {0x8, 0xe, 0x100, 0x8, 0x4, 0x5}, {0x1, 0xfffffffc, 0x2, 0x4, 0x100, 0x80000001}, {0x4, 0xffff, 0x2a, 0xf24d, 0xffff8001, 0x5}, {0xd6b, 0x7b8c3976, 0x1, 0x0, 0xf7d9, 0x1}, {0xae9, 0x6, 0xfffffffe, 0x6e53de2f, 0x4, 0xe2758a}, {0x7, 0x8, 0x4, 0x9, 0x8, 0x7fff}, {0xff, 0x1, 0x4, 0x8, 0x1, 0x9}, {0x0, 0x3, 0x8a, 0x6, 0x10, 0x5}, {0x2, 0xe24, 0x5, 0x96, 0x7, 0xd859}, {0x6, 0x6, 0x7, 0x400, 0xfff, 0x2}, {0x3, 0xb, 0x6f70, 0x3, 0xe, 0x6}, {0x0, 0x8, 0xdd1d8af, 0xd1e, 0x4dd, 0x7}, {0x9, 0x1, 0x9, 0x1000000, 0x4, 0x81}, {0xfffffffc, 0xad, 0x9, 0x7, 0x8000, 0x6}, {0x5, 0x6, 0x5, 0x2, 0x7f, 0x7}, {0x8, 0x6, 0xe79, 0x10f, 0x80, 0x3}, {0x9404, 0x4d, 0x8, 0xc63, 0x475, 0x9}, {0xc4c3, 0x4, 0x1, 0xfadc, 0x8, 0x5}, {0x4, 0x1, 0x3, 0x8, 0x10, 0xfffeffff}, {0x9, 0x5, 0x14, 0x1, 0x7, 0x1}, {0x5, 0xed40, 0x8000, 0x7cf, 0x10, 0xe}, {0x3, 0x0, 0x1c7b, 0x9fc3, 0x57c4, 0x800}, {0x5, 0xfffeffff, 0x4, 0x1, 0x0, 0x3}, {0x6, 0x9, 0x8, 0x3, 0x5, 0x7}, {0x6, 0x2, 0x4, 0x9, 0x7fff, 0x5}, {0x7fff, 0x8, 0x0, 0x9, 0xced, 0x80000000}, {0x7ff, 0x3, 0x6, 0x7fff, 0x9, 0xd}, {0x3, 0x5, 0xb, 0x8001, 0x9, 0x1}, {0x0, 0x2, 0x6, 0x2, 0x9, 0x8}, {0x0, 0x7, 0xae6ad9f, 0x9, 0x7, 0x6}, {0x6, 0x200, 0x81, 0xfffffff7, 0x6, 0x4}, {0x0, 0x4, 0x546, 0x6, 0x7, 0x1}, {0xad03, 0x81, 0x7, 0x6, 0x5, 0x9}, {0x4, 0xfff, 0x2, 0x3, 0x9, 0xd}, {0xe, 0x2d4, 0x5, 0x40, 0x1c7a3607, 0xcb2d}, {0x7, 0x9, 0x3, 0x2, 0x4, 0x7fffffff}, {0x0, 0x3, 0x3, 0x8, 0x6}, {0x91, 0xb, 0xfffffffc, 0x8, 0x10000, 0x1}, {0x9, 0x5, 0x8, 0x2, 0x7, 0x8d}, {0x4, 0xb, 0xfffff364, 0x4, 0x400, 0x4}, {0x81, 0x3, 0x1, 0x80000000, 0xbf1}, {0x8, 0x6, 0xd4, 0x1, 0x6, 0x1}, {0x3ff, 0x1, 0x1, 0x800, 0x800, 0xa4}, {0x8, 0x0, 0xfffffff7, 0xfffffffc, 0x4, 0xad5f}, {0x62, 0xe, 0x0, 0x7f7, 0x3, 0x3ff}, {0x100, 0xfffffff9, 0x5, 0xc, 0x84, 0xc20e}, {0xc, 0x6c, 0x2, 0x4, 0x7, 0xea}, {0x8, 0x0, 0x8, 0x0, 0xb2, 0x3}, {0x7, 0x3, 0xec, 0x5, 0x8, 0x1}, {0x8, 0x3000000, 0xffff, 0x81, 0xfffffff6, 0x9}, {0x1, 0xda, 0x5, 0x3, 0x6553, 0x4}, {0xfffffff9, 0x6, 0x7, 0x4, 0xa6, 0x50d8a0cf}], [{0x1, 0x1}, {0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x3}, {}, {0x0, 0x1}, {0x4}, {0x4, 0x1}, {0x5}, {0x3}, {}, {0x5, 0x1}, {0x3}, {0x4}, {0x0, 0x1}, {0x4}, {0x2, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x4}, {0x0, 0x1}, {0x3}, {0x1}, {0x5}, {0x3, 0x1}, {0x2}, {0x6}, {0x5, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x4}, {0x5, 0x1}, {0x4}, {0x3}, {0x3}, {0x1}, {0x3}, {0x5, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {}, {0x4, 0x1}, {0x1}, {0x3}, {0x3}, {0x2}, {0x4, 0x1}, {}, {0x5}, {0xbc772ccd0a61e388, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x2}, {0x0, 0x1}, {0x5}, {0x1, 0x1}, {0x5}, {0x4}, {}, {}, {}, {0x1}, {0x3}, {0x1}, {0x1, 0x1}, {}, {}, {0x2, 0x1}, {0x3}, {0x0, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x2}, {0x3, 0x1}, {0x2}, {0x2}, {0x4}, {0x5}, {0x1, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x5}, {0x2}, {0x1, 0x1}, {0x3}, {0x1}, {0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x1}, {0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x5}, {0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x2}, {0x2, 0x1}, {}, {0x3, 0x1}, {0x2}, {}, {0x4, 0x1}, {0x5, 0x1}, {0x5}, {}, {0x5, 0x1}, {0x5}, {}, {0x5, 0x1}, {0x5, 0x1}, {0x5}, {0x2}, {0x0, 0x1}, {}, {0x1}, {0x4}, {0x2, 0x1}, {0x3, 0x1}], 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x5}}}}]}]}, 0xe68}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000180)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f00000004c0)=""/212, 0xd4, 0x1, &(0x7f00000005c0)=""/204, 0xcc}, &(0x7f00000001c0)=0x40)
sendmsg$nl_generic(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000094c0)=ANY=[@ANYBLOB="8c45000043000701fefffffffcdbdf25017c000004004580744501"], 0x458c}, 0x1, 0x0, 0x0, 0xc004}, 0xc000)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000240)=ANY=[@ANYBLOB="40010400000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)={0x38, 0x42, 0x1, 0x70bd25, 0x25dfdbfd, {0x2}, [@nested={0x8, 0x38, 0x0, 0x1, [@nested={0x4, 0x6}]}, @nested={0x10, 0x1, 0x0, 0x1, [@typed={0xc, 0x8c8, 0x0, 0x0, @u64=0x2}]}, @nested={0xa, 0x4, 0x0, 0x1, [@generic="56b5bfa75bbd"]}]}, 0x38}, 0x1, 0x0, 0x0, 0x8800}, 0x4040)
socket(0x29, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000000140)={0x40, 0x8, 0x1a, "4f59475539c4f7c36e4d05430fc148ce3c2940f2099e8b4e5028"}, 0x0, 0x0})

1.516456593s ago: executing program 5 (id=13279):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000000)=@usbdevfs_driver={0x0, 0x80805513, 0x0})
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000200)={'syztnl0\x00', 0x0, 0x29, 0x2, 0xff, 0x1, 0x38, @mcast1, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3b}}, 0xc0, 0x700, 0x6, 0x5}})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000300)={0x0, 0x16, 0x4, "94c161ee"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000140)={0x0, 0xf, 0x4, "c7a13997"}, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080), 0x22883, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r4 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000040))
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x14, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1}, 0x48)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x2000, 0x1)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x4, "a13b1f21"}, 0x0, 0x0, 0x0, 0x0})
r6 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'team0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000980)=@newqdisc={0x45c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r7, {0x0, 0xd}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x3, 0x2, 0x8, 0x1, 0xff, 0x7}, {0x4, 0x0, 0x3, 0xa159, 0x1000, 0x7}, 0x3, 0x8, 0x41e}}, @TCA_TBF_PTAB={0x404, 0x3, [0x104, 0x2, 0xc, 0xfff, 0x0, 0x8ba, 0xa1, 0x4d91, 0x7fffffff, 0x63c4, 0x0, 0x7ffd, 0x403, 0x255, 0x6, 0xc, 0xd81, 0x3, 0xa, 0xa, 0x7, 0x6, 0xc, 0x200, 0xfffffffd, 0x5, 0xb96, 0x7, 0x0, 0xffffffff, 0x200, 0x3, 0x80000001, 0x7c, 0xfffffffc, 0x5, 0x3, 0x2, 0x8, 0x0, 0x1, 0xd, 0x80, 0x400, 0x80, 0x90000010, 0x3800000, 0x0, 0xfffff30b, 0x0, 0xf6, 0x81, 0xfffffffa, 0x80, 0x101, 0x1, 0xfffffbff, 0x36a5, 0x4, 0x6, 0x200, 0x1ba, 0x9, 0xab, 0x6, 0xfffffff7, 0x6, 0x0, 0x3, 0x1, 0x963, 0x1ff, 0x2, 0xfffffffd, 0x6, 0x5, 0x0, 0x3, 0x0, 0xb09, 0x3ff, 0x7, 0x8000, 0x4, 0x8, 0x1000, 0x101, 0x5, 0x3, 0x6, 0x9, 0x0, 0x1, 0x8762, 0x10008e, 0x80000005, 0xfffff76b, 0x0, 0x4, 0x4275c4e9, 0x4000000, 0x5, 0x800, 0x4, 0x6, 0x8, 0x6cdf139e, 0x9, 0x3, 0x5, 0x10001, 0xff, 0x80000001, 0xed2, 0x5, 0xfffffffa, 0x10002, 0x18d0, 0x0, 0x3, 0x9486, 0x80, 0x5, 0x80000000, 0xdb, 0x3, 0x80, 0xffbf7ffc, 0x1, 0x8, 0x7, 0x1, 0x2, 0x8008, 0x2, 0x8, 0x2, 0x81, 0x3, 0x1, 0x6bf, 0x7, 0xea, 0x4, 0xc1, 0x2, 0x40, 0x5, 0x27f, 0x200, 0x7, 0x40, 0x7, 0x4, 0x7, 0xff, 0x400, 0x8, 0x7fffffff, 0xfffffff7, 0x8, 0xfffffff4, 0x8, 0xc, 0x96, 0x6, 0x104, 0x62cc, 0xfffffff5, 0x7, 0x2eb7, 0x10001, 0xcbf, 0x10000, 0x101, 0x9, 0xfffffffa, 0x1, 0x8, 0x7, 0x8001, 0xf, 0x5, 0x8, 0x8d, 0x0, 0x2, 0x7, 0x1, 0x61, 0xffffffff, 0x494, 0xb, 0x1, 0x1, 0xd1, 0xd, 0x9, 0x1002, 0xffffffff, 0x6, 0x3, 0xfffffffb, 0xffff, 0xff, 0x5, 0x40000e, 0x401, 0x2, 0x8cc5, 0x8, 0x159, 0xfffffff7, 0x81, 0x382ae49d, 0x9, 0xffffffff, 0xffff, 0xdf3b, 0x8d, 0x6, 0xfffffef7, 0x89c3, 0x6319da67, 0x20000005, 0x9, 0x2, 0xfffff801, 0x0, 0x5, 0x5, 0x7, 0x7, 0x7f, 0x7, 0x1, 0x0, 0xffffffff, 0xdfed, 0xb, 0x77, 0x7, 0xff, 0xb331, 0x9, 0x6, 0x9, 0x7, 0x5, 0x400, 0x10001, 0x1, 0x800, 0x6000, 0xfe000000, 0xfffffffd]}]}}]}, 0x45c}}, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000740)={0x34, &(0x7f0000000240)={0x40, 0x15, 0x4, "6ce4d1f4"}, 0x0, 0x0, 0x0, 0x0, 0x0})
socket$inet_udplite(0x2, 0x2, 0x88)

1.379987454s ago: executing program 4 (id=13280):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000840)={0x6, 0x0, @ioapic={0xeeee0000, 0x8000, 0x8, 0x8, 0x0, [{0x6, 0x4, 0xff, '\x00', 0x6}, {0x4, 0x12, 0x2, '\x00', 0x4}, {0x4, 0x46, 0x8d, '\x00', 0x6}, {0x1, 0xfb, 0x1}, {0x8, 0x8, 0xc, '\x00', 0x46}, {0x9, 0x77, 0xff, '\x00', 0xf}, {0x17, 0x5, 0xd8, '\x00', 0x8d}, {0x8, 0x9, 0x1, '\x00', 0x6f}, {0x8, 0x11, 0x9, '\x00', 0x9}, {0x0, 0x1, 0xf, '\x00', 0x8}, {0x6, 0xb, 0xf9, '\x00', 0x5}, {0xda, 0x4e, 0x4, '\x00', 0xdd}, {0x1, 0x80, 0x2, '\x00', 0x8}, {0x80, 0x6, 0x3, '\x00', 0x6}, {0x2, 0xf, 0x26, '\x00', 0xfd}, {0x7f, 0x5, 0x2, '\x00', 0xf7}, {0x4, 0x10, 0x5, '\x00', 0x1}, {0xe4, 0xfd, 0x9, '\x00', 0xc}, {0xd9, 0x1, 0x7, '\x00', 0x7}, {0xf, 0x7, 0x9, '\x00', 0xd}, {0x8, 0x5, 0x0, '\x00', 0x1}, {0x2, 0x5, 0x7d, '\x00', 0xf1}, {0xa, 0x7, 0x27, '\x00', 0xff}, {0x8}]}})
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='net/fib_trie\x00')
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, 0x0)
ioctl$SNDCTL_DSP_SYNC(r3, 0x5001, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x9, 0x2)
r5 = syz_io_uring_setup(0x890, &(0x7f0000000140)={0x0, 0xaee2, 0x10, 0xfffffffd, 0xbfdffffc}, &(0x7f00000000c0)=<r6=>0x0, &(0x7f0000000040)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r4, 0x0, 0x0, 0x0, {0x85c3}})
io_uring_enter(r5, 0x7323, 0x0, 0x5, 0x0, 0x0)
ioctl$SNDCTL_DSP_RESET(r3, 0x5000, 0x0)
read$FUSE(r2, 0x0, 0x0)
r8 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x5c, 0x0, &(0x7f0000000180)="e30080670000ec67838717bd86dde148f0630962bb87dd44fe42904bcee14db4241544716b9ea42231ed3373a3e29953e3bb017d9c1fd05dacf5bb80b4b7ee0fae7aea53492b38978defbb39a1ffa8a175e8257c3c5386795f7aaa2b", 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xc}, 0x50)
ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000040)=0x85)
syz_usb_control_io$hid(r8, &(0x7f00000002c0)={0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="c60009"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r8, 0x0, 0x0)
syz_usb_control_io$hid(r8, &(0x7f0000001640)={0x24, 0x0, 0x0, &(0x7f0000001bc0)={0x0, 0x22, 0x1, {[@main=@item_012={0x0, 0x0, 0x9}]}}, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r8)
r9 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340"], 0x0)
syz_usb_disconnect(r9)
r10 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder-control\x00', 0x806, 0x0)
ioctl$sock_qrtr_TIOCINQ(r10, 0x541b, 0x0)
ioctl$XFS_IOC_SCRUBV_METADATA(r1, 0xc0285840, &(0x7f0000003500)={0x6, 0x50000, 0x24533487, 0x0, 0x0, 0x2, 0x0, &(0x7f00000034c0)=[{0x10, 0x101, 0x30e5}, {0x1a, 0xfe, 0x5}]})
ioctl$MEDIA_IOC_G_TOPOLOGY(r2, 0xc0487c04, &(0x7f0000000240)={0x0, 0x9, 0x0, &(0x7f0000000a80)=[{<r11=>0x80000000}, {}, {}, {}, {}, {}, {}, {}, {}], 0x1, 0x0, &(0x7f0000000040)=[{}], 0xa, 0x0, &(0x7f0000000100)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x7, 0x0, &(0x7f0000003380)=[{}, {}, {}, {}, {}, {}, {}]})
ioctl$MEDIA_IOC_ENUM_ENTITIES(0xffffffffffffffff, 0xc1007c01, &(0x7f0000000540)={r11})

1.075872642s ago: executing program 0 (id=13281):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100)) (async)
ioctl$PPPIOCSNPMODE(r0, 0x4008744b, &(0x7f0000001300)={0x80fb, 0x2}) (async, rerun: 32)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000080)={[{0x9, 0x80c, 0x3, 0x1c, 0x7, 0x0, 0x10, 0x9, 0xe9, 0x9, 0x9, 0x4, 0x6}, {0x6, 0x6, 0xa, 0xc1, 0x7, 0x1, 0x47, 0xf1, 0x7, 0x2, 0x44, 0x79, 0x3fffffffffe}, {0x7fffffff, 0x8, 0x1, 0x10, 0x4, 0x9, 0x8, 0xf8, 0x5, 0x6, 0x3, 0x3, 0x4}], 0x800000}) (async, rerun: 32)
r1 = socket$nl_route(0x10, 0x3, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) (async, rerun: 32)
open$dir(&(0x7f0000000100)='./file0\x00', 0xe8c40, 0x0) (async, rerun: 32)
r2 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) (async)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_user\x00', 0x275a, 0x0)
ftruncate(r3, 0x2000009) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x4, &(0x7f0000000840)) (async)
sync_file_range(0xffffffffffffffff, 0x21, 0x7bb, 0x6)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r1, 0x4040942c, &(0x7f00000003c0)={0x0, 0x0, [0xa93, 0x6, 0xc, 0xf, 0x1, 0x6]}) (async)
sendfile(r2, r3, 0x0, 0x7ffff000) (async)
r4 = syz_io_uring_setup(0xbdc, &(0x7f0000001400)={0x0, 0xec25, 0x400, 0x1, 0xd4}, &(0x7f00000006c0)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_open_dev$vbi(0x0, 0x2, 0x2) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) (async)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000380)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) (async, rerun: 64)
r7 = socket$kcm(0x10, 0x2, 0x0) (rerun: 64)
sendmsg$kcm(r7, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400600142603600e1208000b0000000401a8001600a400014009000200036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360d070100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0) (async, rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="85009f0c15e08f000008000000d4000000200000009500000000000000"], &(0x7f0000000240)='GPL\x00', 0x1, 0x473, &(0x7f0000000280)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60}, 0x48) (async, rerun: 64)
syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44100010203010902bf0002010650000900000000020d001b052401082400a9b30d2d0f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c0900030424020204240200042406024424"], 0x0) (async)
syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0)

780.697923ms ago: executing program 0 (id=13282):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003700), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000003b40)={'wlan0\x00', <r2=>0x0})
pipe2(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={r4, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000080)=[0x0, 0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000000c0), &(0x7f0000000140)=[0x0, 0x0], 0x0, 0xda, &(0x7f0000000180)=[{}, {}], 0x10, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0xf8, 0x8, 0x8, &(0x7f0000000280)}}, 0x10)
sendmsg$nl_route(r4, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x208400}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=@ipv4_newaddr={0x20, 0x14, 0x4, 0x70bd25, 0x25dfdbfe, {0x2, 0x1, 0x16, 0xfd, r5}, [@IFA_RT_PRIORITY={0x8, 0x9, 0x9}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000000)=0x10000)
write$P9_RGETLOCK(r4, &(0x7f00000000c0)=ANY=[], 0xffffff6a)
pipe2(&(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x800)
fcntl$setstatus(r4, 0x4, 0x52c00)
splice(r3, 0x0, r7, 0x0, 0xffffffffffffffff, 0x1000000000000000)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f00000095c0)={0x0, 0x0, &(0x7f0000009580)={&(0x7f0000009340)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000fcdbdf253b00000008000300", @ANYRES32=r2, @ANYBLOB="080026006c09b80100080211000001080211000080c80000fc000601010101010108009f000300000008009f00060000000f00"/61], 0x60}, 0x1, 0x0, 0x0, 0x4004000}, 0x8c0)

604.83965ms ago: executing program 0 (id=13283):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000001000ffff27bd7100fddbdf2504000000", @ANYRES32=0x0, @ANYBLOB="880d0000231201003c0012800b00010062726964676500002c00028005002600010000000500290000000000060009000000000005002d"], 0x5c}, 0x1, 0x0, 0x0, 0x4001}, 0x20040040) (fail_nth: 7)

275.034969ms ago: executing program 0 (id=13284):
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b18, &(0x7f0000000000)={'veth1_to_batadv\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000007c0)=ANY=[@ANYBLOB="bf16000000000000b70700000200f0ff4070000000000000480000000000e1ff95000000000000002ba7e1d30cb599e83f040000f300000000bd01212fb56f040026fbfefc41056bd8174b79ed317142fa9ea4158123751c5c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8206ac6879fc404004900c788b277be1cb79b0a4dcf23d410f6accd3641110bec4e90a634199e07f8f6eb968f200e011ea665c45a3449abe802f5ab3e89cf6cfdffffffb8580218ce740068720000074e8b1715807ea0ca469e468eea3fd2f73902ebcfcf49822775985bf313405b367e81c700000040000000000200000000005335000000143ea70c2ab40c7cb70cc8943a6d60d7c4900282e147d08e0af4b29df814f5691db43a5c00000004000000000089faff01210cce39bf405f1e846c12423a164a330100846f26ad03dd65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d6155102b1ced1e8019e63c850af895abba14f6fbd7fb5e2a431ab914040000000000010092c9f4609646b6c5c29647d2f950a959cf9938d6dfcb8ed2cbdc2ba9d580609e31c3fa90812a533ce206e7e57a79d6fce424c2204dd418c005479ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d05d988d6efdffdf48dca02113a38300cabf2b5543ffc166955709009e000000000061629d1822f720ec23812770d72c700a44e113d17088fdd00600000f7889b8c7044f56ff030000000000006cd4970400cac6f45a6922ded2e29514af463f747c08f4010586903500000000000000000000be34cf0f9d640dd782ac0cbc46903243d0d0f4bc7f253d0500000032daaf281c450e64c33aac8ff7e7d1c94c4505a9839688b008c370494f6734b771546d9552d3bb2da0d000000000000000009125c97f0400f5e1671bc5eb7739daa7820a91cb0e732df2ae1d39c747e00a4fbfe8942fa859cd28bdaa1509309926c77fbcb15ec58b42b400005a6b649dd5f13cd776e6c7c4b5c4b0de20e033b378553ead4c8cc530b62c36364e6505992209bdbc6203da7a3797246a6adef071102f0aa2c40095ddd05176f5cb8bd99e1ba0f9568f3e3876bba7bf973334e7919a080000000000000004fb996ad919f7e9672ce107000000ad882f2aead166c94500be902ee7dabc768eb9ec13f334aae90981ecaf5f744f22f2e45afe2c9e8632276cffe5f1fc215c0797d0244cf1ce269d10525745caaa3f77d1b80116cb9a38400242010000000100000091a0116f4693133138583da5e10b434697b0443b7b4ddfb3ace29e16e5a881336aad0974269a1025f2a9a135c0508af1aec2926627b43bba1229a7466bdca64f514b7911458da083e8681916d408d753226a83ae2434ccd3fc508216aea86833030f569d61dc998620fcf4eeb92e7bc511df63c53b82514493b8f3c74f44ba184d40e87612024da1a1ebe316923865f037c01d71b5de81121046d84b18acb5cbea7eecad9b6dd46ed83515cd9f140e5f00019be25b5910a3193e90be231a05fd82e6003969c3f081ff1d0eb50a04d14644234828cbb5aaa0ece702abdd425fa25ae04a2315c89064df633700000000d9e5953ea67310993d01000000000000003ac753358791b1490273ca535e05b11d815237743a5b79ad45de2a3c91257f02c2f30f5513662809073710937ed0055b238f466e1442f8ec7a5b394228035039ceeb452dca75f9ff5332b4c4777a58a0aa9a821667c68549e9da89ad4274ce2d3d7619936768a84a1465fff4eedba55955434f132ab7b8840558b3f918d675a79907a72a8252cd3fbaea5d3006a03507838231a335ae759ed25534f2e90a7def4b3d4af7fd47ab1a701e4b7a7dfc1d12775ed0a31bc7b5855880aa767e68196c7aa5ac115724b6cb8fcebb67719eccd87b06b38566cf61ad2f307a79d2ce9801837bf0bd3af0271de700eef2795d28cb0017000000000000000000e052d93194121b774d21a0317d0346078400004652c769fd3d3e661a2fb5ff0f000002ab2ac4eb3f19c042163e0bdb88b82de384a8055e8b1e24294b0546cce481ff5618b7b9585dbb64d66debf219fa479abf22f3d64fe82e466ea6f27859946e72f80bb1c9cfcde57b79625e2979fe689a5a246cbbdf6ad488f43f46b2536f175f46dfb27d5229467270246ab53616c46edf34c559d3de0c59ca3305e66825715e5e4cd5b54c1b05c09f04337a76a30373baac3ecec91fd546eb7c32dbecb18a308a0004be94dfab28c2a51dc856df0000000000c12254f041804f7f7074356789b1d4dd55f3e045a48241a4ce04d06acb2cf11eab759ba78da5da0f26126d4cf2c73e5f94030000040000000000000000c301985d603403592486204054be3fdda91f9e315886941928e5a8bc1a00e69a98c0a8f7192f6ee93cc4124cf4e7610915efc08c834a44e1d685d6835a40b5bc615949cbcd98d0e68d7eef5d32d5fcc7923d7544fa492aa38717481455e86dcd7816ad8940bd1995369d89ae6eadeb9117e8b94ab422c8d62f858875dccdbc89572231ef5d6df6a9c55f8df763c7c64da7cc017e1e3f5cd4cb9fe6d19b11d4d38239d318016e622b9683b7e46be64dc097982e23462392a0cd05afb2e060fd42ef00dfbd057311aab94f307d10c7a1af0d8e5a0fcb547475d13c0000000000000000f1cc97103d714d1abb901f866d9d629b4fb185f45790517c4a0f5c6a5024e3359e8d83e3f6edf9e2afb5ab59c7b2b45cfb0a3c1303a98e4ed531ac11cca1cd744b431de74c7cd6533adaa8ec749061b2959d53da626aa189781dc1be4d5c81aebc0cada819895b377d6cf0a7878ba99864ae84464744c605646caf2e06b13eba7ba10acf77d91b2297e9573abb0a4da534d735a223626402b308daf7835780fa6f4e410000000000fb00000000000000000000b14952139bd4bdbccc5e334c49584655c4fce8c5bb7c54664aef6d780100358aa54b4b49926c4be9ee4659153d9fa95d07cc4efdab2c5f4503148d0255d0b748366dafe042d78479c21d832e1431ed6d646d13e8e7230300920a5642bbed1dee9b46b6f02e572024ccf3c8edd82660e5d74c22e46af480c300000000000000000000000000000000000044ff72f96f084f4b6cdcb1b4a9d8e9f99f1b85497d0c3df704c8a0034c09caeeb0e34799b755649883539258a7b33dcef15d8fd1953ebaaa3cff81a0de7a05a440f20f6b273ceb8678f10378b670be7504dabd1471355d853292775d0366891f0bcf0a6087ed4f1f25ef52394db3e9d8318bbb9baff3db95bfd68a08ded502cc08a485c804e4fd107a7ca2a64ca081c6b2f7b895cdf98b763ebab9451c65eced6f5f97a541210806d885762ac3150225036c7eccd7a05593abd963f9a02df58085115e54f675e6a08d25b5722cabf989b4bbc562e073b81bae61f05c5e1f90e021340b60cc5fb8fdb09b6d20b0d87a6ed800000000000000000000000000000000006cc6f64f583a26a78f7f417f66c0af32f5194ddfce51e5aff28f621bb2fd2a5ab719823488d6e869b08d3d4ac7950c60144cf77437e29895a23282e3c65e015d1c334832a90ee77d93596e3f12e9ca8c67c7f3c9b66c9cb03edec184ad1d9544c7a3be250e471dca00000078544d79c0efe4094e561eeb26ee4c81106d03c004bc1589ef6e13648999c8735e2634e89aaa90c571fa3c07238697b1db783c52715055445e96995fe3273b0346b03fc742c06aa3947e0d9cf0c99b5e245ede85893112deea8bd3355a32ec15e1242f170a51f28cea4105541e96a52da4984d26bd29cb0623f00c6b0a4c00ad406d729babc9d1550a683c349017a340444000000000000000000000920ca49f7cc8194aaebdcae5a62bb7587b57f41f1c2034911f23e6bd0291b3319f03a0a15dea685a8ab75b3c60391afa5483231305402b52a8f98638009c142751518f73a847ca583e855d70c6a4a53f61ad753d5e740db44afd32b019d9e8b41361c2c1b9a8a1"], &(0x7f0000000140)='GPL\x00'}, 0x94)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000001340)=@raw={'raw\x00', 0x8, 0x3, 0x500, 0x340, 0x11, 0x148, 0x340, 0x0, 0x468, 0x2a8, 0x2a8, 0x468, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @fd={0x2, 0x0, r1}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x11, 0x0, 0x0, 0x0, '\x00', {0x7}}}}, {{@uncond, 0x0, 0xe8, 0x128, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@osf={{0x50}, {'syz0\x00', 0x0, 0xd, 0x0, 0x2}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x5, 0x3, {0xff}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x560)
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fremovexattr(r2, &(0x7f0000000000)=@known='system.posix_acl_default\x00')
syz_open_dev$hidraw(&(0x7f0000000180), 0x8, 0x80001)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a100efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb72b4b996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"})

0s ago: executing program 0 (id=13285):
r0 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000001c0)=@ethtool_regs={0x12, 0x0, 0xd, "a1e4cf1855416d188096f15d86"}}) (fail_nth: 7)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)

kernel console output (not intermixed with test programs):

usb 5-1:0.0: Error: mce write urb status = -71
[ 3087.614811][T10602] usb 6-1: USB disconnect, device number 60
[ 3087.633888][ T4492] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 3087.643456][ T4492] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 3087.710183][T16655] netlink: 17015 bytes leftover after parsing attributes in process `syz.1.12956'.
[ 3087.735343][T16644] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3087.795405][T16644] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3087.795790][T16655] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12956'.
[ 3087.806895][ T4489] usb 5-1: USB disconnect, device number 104
[ 3087.975987][T16667] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12956'.
[ 3088.086888][T16662] bond1: (slave geneve2): Enslaving as an active interface with an up link
[ 3088.141048][T16667] bond1 (unregistering): (slave geneve2): Releasing backup interface
[ 3088.158424][T16667] bond1 (unregistering): Released all slaves
[ 3088.592520][T16677] fuse: Invalid gid '00000000000000000000011'
[ 3088.669347][T16683] netlink: 'syz.5.12964': attribute type 13 has an invalid length.
[ 3088.785844][T16683] gretap0: refused to change device tx_queue_len
[ 3088.800844][T16683] net_ratelimit: 68 callbacks suppressed
[ 3088.800866][T16683] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[ 3088.896921][T16689] loop5: detected capacity change from 0 to 7
[ 3089.297067][T16689] Dev loop5: unable to read RDB block 7
[ 3089.309648][    C0] invalid error, dev loop5, sector 0 op 0x1:(WRITE) flags 0x800800 phys_seg 1 prio class 2
[ 3089.309682][T16689]  loop5: unable to read partition table
[ 3089.319797][    C0] buffer_io_error: 14 callbacks suppressed
[ 3089.319819][    C0] Buffer I/O error on dev loop5, logical block 0, lost async page write
[ 3089.365166][T16689] loop5: partition table beyond EOD, truncated
[ 3089.390968][T16689] loop_reread_partitions: partition scan of loop5 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[ 3090.111523][ T5191] Dev loop5: unable to read RDB block 7
[ 3090.117157][ T5191]  loop5: unable to read partition table
[ 3090.187085][ T5191] loop5: partition table beyond EOD, truncated
[ 3090.190337][T16706] FAULT_INJECTION: forcing a failure.
[ 3090.190337][T16706] name failslab, interval 1, probability 0, space 0, times 0
[ 3090.228464][T16706] CPU: 1 UID: 0 PID: 16706 Comm: syz.0.12973 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3090.228495][T16706] Tainted: [L]=SOFTLOCKUP
[ 3090.228502][T16706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3090.228513][T16706] Call Trace:
[ 3090.228520][T16706]  <TASK>
[ 3090.228529][T16706]  dump_stack_lvl+0xe8/0x150
[ 3090.228560][T16706]  should_fail_ex+0x412/0x560
[ 3090.228587][T16706]  should_failslab+0xa8/0x100
[ 3090.228610][T16706]  ? key_alloc+0x312/0x1020
[ 3090.228630][T16706]  kmem_cache_alloc_noprof+0x87/0x650
[ 3090.228665][T16706]  key_alloc+0x312/0x1020
[ 3090.228695][T16706]  request_key_and_link+0x85e/0x1560
[ 3090.228717][T16706]  ? request_key_and_link+0x2cc/0x1560
[ 3090.228738][T16706]  ? __pfx_request_key_and_link+0x10/0x10
[ 3090.228764][T16706]  ? __pfx_key_default_cmp+0x10/0x10
[ 3090.228786][T16706]  ? __pfx_keyring_search_iterator+0x10/0x10
[ 3090.228813][T16706]  ? down_read+0x272/0x2e0
[ 3090.228830][T16706]  ? key_type_lookup+0x1d/0xc0
[ 3090.228856][T16706]  __se_sys_request_key+0x29a/0x350
[ 3090.228886][T16706]  ? __pfx___se_sys_request_key+0x10/0x10
[ 3090.228925][T16706]  do_syscall_64+0x14d/0xf80
[ 3090.228952][T16706]  ? trace_irq_disable+0x3b/0x150
[ 3090.228979][T16706]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3090.228998][T16706]  ? clear_bhb_loop+0x40/0x90
[ 3090.229022][T16706]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3090.229042][T16706] RIP: 0033:0x7f64f459c629
[ 3090.229059][T16706] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 3090.229075][T16706] RSP: 002b:00007f64f54ea028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9
[ 3090.229093][T16706] RAX: ffffffffffffffda RBX: 00007f64f4815fa0 RCX: 00007f64f459c629
[ 3090.229107][T16706] RDX: 0000200000001fee RSI: 0000200000000300 RDI: 00002000000002c0
[ 3090.229120][T16706] RBP: 00007f64f54ea090 R08: 0000000000000000 R09: 0000000000000000
[ 3090.229140][T16706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3090.229152][T16706] R13: 00007f64f4816038 R14: 00007f64f4815fa0 R15: 00007f64f493fa48
[ 3090.229183][T16706]  </TASK>
[ 3090.477379][T16708] fuse: Unknown parameter 'group_id<00000000000000000000'
[ 3090.633207][T16712] netlink: 312 bytes leftover after parsing attributes in process `syz.0.12974'.
[ 3090.830371][T16723] loop6: detected capacity change from 0 to 524288000
[ 3091.137330][T16734] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12981'.
[ 3091.146650][T16734] netlink: 48 bytes leftover after parsing attributes in process `syz.4.12981'.
[ 3091.160964][ T4492] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[ 3091.217279][T16737] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12982'.
[ 3091.290820][ T4492] usb 1-1: device descriptor read/64, error -71
[ 3091.530750][ T4492] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[ 3091.660878][T10602] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[ 3091.671101][ T4492] usb 1-1: device descriptor read/64, error -71
[ 3091.879238][T10602] usb 2-1: Using ep0 maxpacket: 32
[ 3091.901071][ T4492] usb usb1-port1: attempt power cycle
[ 3091.919592][T10602] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 3091.939436][T10602] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 3092.057120][T10602] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 3092.091040][T10602] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 3092.114762][T10602] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3092.128627][T10602] usb 2-1: config 0 descriptor??
[ 3092.151777][T16744] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 3092.172284][T10602] hub 2-1:0.0: USB hub found
[ 3092.310893][ T4492] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[ 3092.350471][ T4492] usb 1-1: device descriptor read/8, error -71
[ 3092.371696][T10602] hub 2-1:0.0: 2 ports detected
[ 3092.564463][T16759] hsr_slave_0: left promiscuous mode
[ 3092.572469][T16759] hsr_slave_1: left promiscuous mode
[ 3092.597985][ T4492] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[ 3092.621733][ T4492] usb 1-1: device descriptor read/8, error -71
[ 3092.731338][ T4492] usb usb1-port1: unable to enumerate USB device
[ 3092.791959][T19077] usb 6-1: new high-speed USB device number 61 using dummy_hcd
[ 3092.941031][T19077] usb 6-1: Using ep0 maxpacket: 16
[ 3092.948003][T19077] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3092.959265][T19077] usb 6-1: New USB device found, idVendor=04fc, idProduct=05d8, bcdDevice= 0.00
[ 3092.968660][T19077] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3092.978977][T19077] usb 6-1: config 0 descriptor??
[ 3093.264986][T16769] syzkaller0: entered promiscuous mode
[ 3093.274086][T16769] syzkaller0: entered allmulticast mode
[ 3093.384854][T16774] syzkaller1: entered promiscuous mode
[ 3093.390534][T16774] syzkaller1: entered allmulticast mode
[ 3093.416606][T19077] sunplus 0003:04FC:05D8.00B3: unknown main item tag 0x0
[ 3093.427399][T16774] af_packet: tpacket_rcv: packet too big, clamped from 64993 to 3944. macoff=96
[ 3093.458846][T19077] sunplus 0003:04FC:05D8.00B3: unknown main item tag 0x0
[ 3093.466508][T19077] sunplus 0003:04FC:05D8.00B3: unknown main item tag 0x0
[ 3093.475053][T19077] sunplus 0003:04FC:05D8.00B3: unknown main item tag 0x0
[ 3093.482508][T19077] sunplus 0003:04FC:05D8.00B3: unknown main item tag 0x0
[ 3093.483946][T16776] FAULT_INJECTION: forcing a failure.
[ 3093.483946][T16776] name failslab, interval 1, probability 0, space 0, times 0
[ 3093.489686][T19077] sunplus 0003:04FC:05D8.00B3: unknown main item tag 0x0
[ 3093.503206][T16776] CPU: 1 UID: 0 PID: 16776 Comm: syz.3.12996 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3093.503236][T16776] Tainted: [L]=SOFTLOCKUP
[ 3093.503243][T16776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3093.503254][T16776] Call Trace:
[ 3093.503262][T16776]  <TASK>
[ 3093.503270][T16776]  dump_stack_lvl+0xe8/0x150
[ 3093.503301][T16776]  should_fail_ex+0x412/0x560
[ 3093.503327][T16776]  should_failslab+0xa8/0x100
[ 3093.503351][T16776]  kmem_cache_alloc_node_noprof+0x8f/0x690
[ 3093.503381][T16776]  ? __alloc_skb+0x1d0/0x7d0
[ 3093.503403][T16776]  ? __local_bh_enable_ip+0xd0/0x130
[ 3093.503430][T16776]  __alloc_skb+0x1d0/0x7d0
[ 3093.503452][T16776]  ? netlink_ack_tlv_len+0x6c/0x210
[ 3093.503477][T16776]  netlink_ack+0x146/0xa50
[ 3093.503495][T16776]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 3093.503520][T16776]  ? __pfx_nl80211_pre_doit+0x10/0x10
[ 3093.503538][T16776]  ? __pfx_nl80211_post_doit+0x10/0x10
[ 3093.503556][T16776]  ? __lock_acquire+0x6b5/0x2cf0
[ 3093.503588][T16776]  netlink_rcv_skb+0x2b6/0x4b0
[ 3093.503622][T16776]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 3093.503649][T16776]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 3093.503684][T16776]  ? down_read+0x272/0x2e0
[ 3093.503703][T16776]  ? genl_rcv+0xd/0x40
[ 3093.503728][T16776]  genl_rcv+0x28/0x40
[ 3093.503752][T16776]  netlink_unicast+0x80f/0x9b0
[ 3093.503777][T16776]  ? __pfx_netlink_unicast+0x10/0x10
[ 3093.503798][T16776]  ? netlink_sendmsg+0x650/0xb40
[ 3093.503819][T16776]  ? skb_put+0x11b/0x210
[ 3093.503845][T16776]  netlink_sendmsg+0x813/0xb40
[ 3093.503874][T16776]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3093.503898][T16776]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 3093.503922][T16776]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 3093.503943][T16776]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3093.503963][T16776]  ____sys_sendmsg+0xa68/0xad0
[ 3093.503996][T16776]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 3093.504029][T16776]  ? import_iovec+0x73/0xa0
[ 3093.504057][T16776]  ___sys_sendmsg+0x2a5/0x360
[ 3093.504087][T16776]  ? __pfx____sys_sendmsg+0x10/0x10
[ 3093.504143][T16776]  ? __fget_files+0x2a/0x420
[ 3093.504167][T16776]  ? __fget_files+0x3a0/0x420
[ 3093.504200][T16776]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 3093.504229][T16776]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 3093.504263][T16776]  ? __pfx_ksys_write+0x10/0x10
[ 3093.504291][T16776]  do_syscall_64+0x14d/0xf80
[ 3093.504316][T16776]  ? trace_irq_disable+0x3b/0x150
[ 3093.504340][T16776]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3093.504359][T16776]  ? clear_bhb_loop+0x40/0x90
[ 3093.504380][T16776]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3093.504399][T16776] RIP: 0033:0x7fc00e59c629
[ 3093.504416][T16776] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 3093.504432][T16776] RSP: 002b:00007fc00f3c5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3093.504452][T16776] RAX: ffffffffffffffda RBX: 00007fc00e815fa0 RCX: 00007fc00e59c629
[ 3093.504465][T16776] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[ 3093.504477][T16776] RBP: 00007fc00f3c5090 R08: 0000000000000000 R09: 0000000000000000
[ 3093.504488][T16776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3093.504499][T16776] R13: 00007fc00e816038 R14: 00007fc00e815fa0 R15: 00007fc00e93fa48
[ 3093.504527][T16776]  </TASK>
[ 3093.690999][ T4490] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[ 3093.700519][T19077] sunplus 0003:04FC:05D8.00B3: unknown main item tag 0x0
[ 3093.856523][ T4490] usb 5-1: Using ep0 maxpacket: 16
[ 3093.857935][T19077] sunplus 0003:04FC:05D8.00B3: unknown main item tag 0x0
[ 3093.858092][T10602] hub 2-1:0.0: hub_hub_status failed (err = -32)
[ 3093.883538][T16782] FAULT_INJECTION: forcing a failure.
[ 3093.883538][T16782] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3093.896969][T10602] hub 2-1:0.0: config failed, can't get hub status (err -32)
[ 3093.905203][T19077] sunplus 0003:04FC:05D8.00B3: unknown main item tag 0x0
[ 3093.906088][ T4490] usb 5-1: config 4 has an invalid interface number: 184 but max is 0
[ 3093.915207][T19077] sunplus 0003:04FC:05D8.00B3: unknown main item tag 0x0
[ 3093.931137][T16782] CPU: 0 UID: 0 PID: 16782 Comm: syz.0.12998 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3093.931165][T16782] Tainted: [L]=SOFTLOCKUP
[ 3093.931172][T16782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3093.931182][T16782] Call Trace:
[ 3093.931190][T16782]  <TASK>
[ 3093.931198][T16782]  dump_stack_lvl+0xe8/0x150
[ 3093.931235][T16782]  should_fail_ex+0x412/0x560
[ 3093.931261][T16782]  _copy_to_user+0x31/0xb0
[ 3093.931291][T16782]  simple_read_from_buffer+0xe1/0x170
[ 3093.931317][T16782]  proc_fail_nth_read+0x1bb/0x230
[ 3093.931345][T16782]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 3093.931391][T16782]  ? rw_verify_area+0x2a6/0x4d0
[ 3093.931409][T16782]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 3093.931433][T16782]  vfs_read+0x20c/0xa70
[ 3093.931449][T16782]  ? fdget_pos+0x246/0x320
[ 3093.931477][T16782]  ? __pfx___mutex_lock+0x10/0x10
[ 3093.931496][T16782]  ? __pfx_vfs_read+0x10/0x10
[ 3093.931514][T16782]  ? __fget_files+0x2a/0x420
[ 3093.931540][T16782]  ? __fget_files+0x3a0/0x420
[ 3093.931563][T16782]  ? __fget_files+0x2a/0x420
[ 3093.931595][T16782]  ksys_read+0x150/0x270
[ 3093.931616][T16782]  ? __pfx_ksys_read+0x10/0x10
[ 3093.931645][T16782]  do_syscall_64+0x14d/0xf80
[ 3093.931670][T16782]  ? trace_irq_disable+0x3b/0x150
[ 3093.931696][T16782]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3093.931715][T16782]  ? clear_bhb_loop+0x40/0x90
[ 3093.931738][T16782]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3093.931757][T16782] RIP: 0033:0x7f64f455cece
[ 3093.931775][T16782] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 3093.931791][T16782] RSP: 002b:00007f64f54e9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 3093.931818][T16782] RAX: ffffffffffffffda RBX: 00007f64f54ea6c0 RCX: 00007f64f455cece
[ 3093.931832][T16782] RDX: 000000000000000f RSI: 00007f64f54ea0a0 RDI: 0000000000000005
[ 3093.931844][T16782] RBP: 00007f64f54ea090 R08: 0000000000000000 R09: 0000000000000000
[ 3093.931856][T16782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3093.931867][T16782] R13: 00007f64f4816038 R14: 00007f64f4815fa0 R15: 00007f64f493fa48
[ 3093.931895][T16782]  </TASK>
[ 3093.932748][T10602] usbhid 2-1:0.0: can't add hid device: -32
[ 3093.937733][ T4490] usb 5-1: config 4 has no interface number 0
[ 3093.951093][T10602] usbhid 2-1:0.0: probe with driver usbhid failed with error -32
[ 3093.963130][ T4490] usb 5-1: config 4 interface 184 has no altsetting 0
[ 3093.971205][T19077] sunplus 0003:04FC:05D8.00B3: hidraw0: USB HID vff.fd Device [HID 04fc:05d8] on usb-dummy_hcd.5-1/input0
[ 3094.020259][ T4490] usb 5-1: New USB device found, idVendor=27c6, idProduct=5395, bcdDevice=9d.91
[ 3094.203818][ T4490] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3094.212298][ T4490] usb 5-1: Product: syz
[ 3094.216633][ T4490] usb 5-1: Manufacturer: syz
[ 3094.221578][ T4490] usb 5-1: SerialNumber: syz
[ 3094.452623][ T4490] usb 5-1: USB disconnect, device number 105
[ 3094.623408][T16790] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 3094.648311][T16790] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 3095.371010][T10602] usb 5-1: new full-speed USB device number 106 using dummy_hcd
[ 3095.528592][T12791] Bluetooth: hci0: command 0x0406 tx timeout
[ 3095.556719][T10602] usb 5-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[ 3095.576621][T19077] usb 2-1: USB disconnect, device number 30
[ 3095.596888][T10602] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3095.606440][T10602] usb 5-1: Product: syz
[ 3095.612281][   T10] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[ 3095.620356][T10602] usb 5-1: Manufacturer: syz
[ 3095.626573][T10602] usb 5-1: SerialNumber: syz
[ 3095.636808][T10602] usb 5-1: config 0 descriptor??
[ 3095.705191][ T4492] usb 6-1: USB disconnect, device number 61
[ 3095.827608][   T10] usb 1-1: Using ep0 maxpacket: 16
[ 3095.889575][   T10] usb 1-1: config 0 has no interfaces?
[ 3095.900748][T19077] usb 2-1: new full-speed USB device number 31 using dummy_hcd
[ 3095.931924][   T10] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 3095.952456][   T10] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 3095.997403][   T10] usb 1-1: Manufacturer: syz
[ 3096.023294][   T10] usb 1-1: config 0 descriptor??
[ 3096.073202][T19077] usb 2-1: config 0 has an invalid interface number: 31 but max is 0
[ 3096.092360][T19077] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3096.112181][T19077] usb 2-1: config 0 has no interface number 0
[ 3096.134016][T10602] airspy 5-1:0.0: Board ID: 00
[ 3096.138943][T10602] airspy 5-1:0.0: Firmware version: 
[ 3096.147682][T19077] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[ 3096.187148][T19077] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3096.229046][T19077] usb 2-1: Product: syz
[ 3096.240016][T19077] usb 2-1: Manufacturer: syz
[ 3096.250125][T19077] usb 2-1: SerialNumber: syz
[ 3096.292993][T19077] usb 2-1: config 0 descriptor??
[ 3096.353357][T10602] airspy 5-1:0.0: usb_control_msg() failed -71 request 11
[ 3096.366405][T10602] airspy 5-1:0.0: Registered as swradio24
[ 3096.374819][T19077] hub 2-1:0.31: bad descriptor, ignoring hub
[ 3096.381315][T19077] hub 2-1:0.31: probe with driver hub failed with error -5
[ 3096.388903][T10602] airspy 5-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[ 3096.402509][T19077] uvcvideo 2-1:0.31: Found UVC 0.04 device syz (046d:08c3)
[ 3096.412523][T19077] uvcvideo 2-1:0.31: Entity type for entity Output 32774 was not initialized!
[ 3096.424155][T16807] netlink: 16 bytes leftover after parsing attributes in process `syz.0.13006'.
[ 3096.433419][T19077] uvcvideo 2-1:0.31: Failed to create links for entity 32774
[ 3096.448449][T16807] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[ 3096.464237][T19077] uvcvideo 2-1:0.31: Failed to register entities (-22).
[ 3096.495223][T10602] usb 5-1: USB disconnect, device number 106
[ 3096.761147][ T4490] usb 2-1: USB disconnect, device number 31
[ 3096.875506][T16824] syzkaller0: entered promiscuous mode
[ 3096.881102][T16824] syzkaller0: entered allmulticast mode
[ 3097.630722][T10602] usb 4-1: new full-speed USB device number 124 using dummy_hcd
[ 3097.813082][T10602] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3097.852006][T10602] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 3097.904113][T10602] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 3097.946290][T10602] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 3097.972286][T10602] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 3097.997017][T10602] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 3098.006698][T10602] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 3098.022811][T10602] usb 4-1: Product: syz
[ 3098.030250][T10602] usb 4-1: Manufacturer: syz
[ 3098.041027][T10602] usb 4-1: SerialNumber: syz
[ 3098.075429][T10602] usb 4-1: config 0 descriptor??
[ 3098.292655][T10602] radio-si470x 4-1:0.0: DeviceID=0x0000 ChipID=0x0000
[ 3098.312791][T10602] radio-si470x 4-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[ 3098.496889][T16838] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3098.526183][T16838] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3098.662563][T10602] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -71
[ 3098.677519][T10602] radio-si470x 4-1:0.0: si470x_get_scratch: si470x_get_report returned -71
[ 3098.687613][T10602] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -5
[ 3098.703875][T10602] usb 4-1: USB disconnect, device number 124
[ 3098.740604][   T10] usb 1-1: USB disconnect, device number 55
[ 3099.054956][T16861] xt_hashlimit: max too large, truncated to 1048576
[ 3099.803865][T16871] FAULT_INJECTION: forcing a failure.
[ 3099.803865][T16871] name failslab, interval 1, probability 0, space 0, times 0
[ 3099.955921][T16871] CPU: 1 UID: 0 PID: 16871 Comm: syz.0.13025 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3099.955942][T16871] Tainted: [L]=SOFTLOCKUP
[ 3099.955946][T16871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3099.955953][T16871] Call Trace:
[ 3099.955960][T16871]  <TASK>
[ 3099.955968][T16871]  dump_stack_lvl+0xe8/0x150
[ 3099.955997][T16871]  should_fail_ex+0x412/0x560
[ 3099.956023][T16871]  should_failslab+0xa8/0x100
[ 3099.956047][T16871]  kmem_cache_alloc_node_noprof+0x8f/0x690
[ 3099.956075][T16871]  ? __alloc_skb+0x1d0/0x7d0
[ 3099.956090][T16871]  ? __local_bh_enable_ip+0xd0/0x130
[ 3099.956106][T16871]  __alloc_skb+0x1d0/0x7d0
[ 3099.956119][T16871]  ? netlink_ack_tlv_len+0x6c/0x210
[ 3099.956133][T16871]  netlink_ack+0x146/0xa50
[ 3099.956144][T16871]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 3099.956158][T16871]  ? __pfx_nl80211_pre_doit+0x10/0x10
[ 3099.956169][T16871]  ? __pfx_nl80211_post_doit+0x10/0x10
[ 3099.956179][T16871]  ? __lock_acquire+0x6b5/0x2cf0
[ 3099.956198][T16871]  netlink_rcv_skb+0x2b6/0x4b0
[ 3099.956211][T16871]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 3099.956226][T16871]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 3099.956246][T16871]  ? down_read+0x272/0x2e0
[ 3099.956257][T16871]  ? genl_rcv+0xd/0x40
[ 3099.956272][T16871]  genl_rcv+0x28/0x40
[ 3099.956286][T16871]  netlink_unicast+0x80f/0x9b0
[ 3099.956301][T16871]  ? __pfx_netlink_unicast+0x10/0x10
[ 3099.956323][T16871]  ? netlink_sendmsg+0x650/0xb40
[ 3099.956335][T16871]  ? skb_put+0x11b/0x210
[ 3099.956350][T16871]  netlink_sendmsg+0x813/0xb40
[ 3099.956367][T16871]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3099.956381][T16871]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 3099.956394][T16871]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 3099.956407][T16871]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3099.956419][T16871]  ____sys_sendmsg+0xa68/0xad0
[ 3099.956439][T16871]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 3099.956458][T16871]  ? import_iovec+0x73/0xa0
[ 3099.956475][T16871]  ___sys_sendmsg+0x2a5/0x360
[ 3099.956492][T16871]  ? __pfx____sys_sendmsg+0x10/0x10
[ 3099.956524][T16871]  ? __fget_files+0x2a/0x420
[ 3099.956538][T16871]  ? __fget_files+0x3a0/0x420
[ 3099.956557][T16871]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 3099.956573][T16871]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 3099.956593][T16871]  ? __pfx_ksys_write+0x10/0x10
[ 3099.956610][T16871]  do_syscall_64+0x14d/0xf80
[ 3099.956626][T16871]  ? trace_irq_disable+0x3b/0x150
[ 3099.956641][T16871]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3099.956651][T16871]  ? clear_bhb_loop+0x40/0x90
[ 3099.956664][T16871]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3099.956674][T16871] RIP: 0033:0x7f64f459c629
[ 3099.956685][T16871] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 3099.956694][T16871] RSP: 002b:00007f64f54ea028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3099.956707][T16871] RAX: ffffffffffffffda RBX: 00007f64f4815fa0 RCX: 00007f64f459c629
[ 3099.956715][T16871] RDX: 0000000020080800 RSI: 0000200000001140 RDI: 0000000000000004
[ 3099.956722][T16871] RBP: 00007f64f54ea090 R08: 0000000000000000 R09: 0000000000000000
[ 3099.956729][T16871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3099.956735][T16871] R13: 00007f64f4816038 R14: 00007f64f4815fa0 R15: 00007f64f493fa48
[ 3099.956751][T16871]  </TASK>
[ 3102.033111][T16852] macsec1: entered promiscuous mode
[ 3102.072560][T16852] batadv_slave_1: entered promiscuous mode
[ 3102.135779][T16852] macsec1: entered allmulticast mode
[ 3102.196760][T16852] batadv_slave_1: entered allmulticast mode
[ 3102.412342][T16852] batadv_slave_1: left allmulticast mode
[ 3102.483234][T16852] batadv_slave_1: left promiscuous mode
[ 3102.586784][T16909] loop5: detected capacity change from 0 to 7
[ 3102.998072][    C0] invalid error, dev loop5, sector 0 op 0x1:(WRITE) flags 0x800800 phys_seg 1 prio class 2
[ 3102.998254][T16909] Dev loop5: unable to read RDB block 7
[ 3103.008217][    C0] Buffer I/O error on dev loop5, logical block 0, lost async page write
[ 3103.132433][T16909]  loop5: unable to read partition table
[ 3103.152931][T16909] loop5: partition table beyond EOD, truncated
[ 3103.170477][T16909] loop_reread_partitions: partition scan of loop5 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[ 3103.321341][T16923] FAULT_INJECTION: forcing a failure.
[ 3103.321341][T16923] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3103.334835][T16923] CPU: 1 UID: 0 PID: 16923 Comm: syz.0.13039 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3103.334865][T16923] Tainted: [L]=SOFTLOCKUP
[ 3103.334872][T16923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3103.334881][T16923] Call Trace:
[ 3103.334889][T16923]  <TASK>
[ 3103.334897][T16923]  dump_stack_lvl+0xe8/0x150
[ 3103.334929][T16923]  should_fail_ex+0x412/0x560
[ 3103.334957][T16923]  _copy_to_user+0x31/0xb0
[ 3103.334985][T16923]  rng_dev_read+0x3ef/0x7b0
[ 3103.335015][T16923]  ? __pfx_rng_dev_read+0x10/0x10
[ 3103.335045][T16923]  ? bpf_lsm_file_permission+0x9/0x20
[ 3103.335067][T16923]  ? security_file_permission+0x75/0x260
[ 3103.335096][T16923]  ? rw_verify_area+0x2a6/0x4d0
[ 3103.335118][T16923]  vfs_readv+0x587/0x840
[ 3103.335143][T16923]  ? __pfx_rng_dev_read+0x10/0x10
[ 3103.335172][T16923]  ? __pfx_vfs_readv+0x10/0x10
[ 3103.335207][T16923]  ? __fget_files+0x2a/0x420
[ 3103.335236][T16923]  ? __fget_files+0x3a0/0x420
[ 3103.335260][T16923]  ? __fget_files+0x2a/0x420
[ 3103.335292][T16923]  __x64_sys_preadv+0x19f/0x2a0
[ 3103.335315][T16923]  ? __pfx___x64_sys_preadv+0x10/0x10
[ 3103.335347][T16923]  do_syscall_64+0x14d/0xf80
[ 3103.335374][T16923]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3103.335394][T16923]  ? clear_bhb_loop+0x40/0x90
[ 3103.335417][T16923]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3103.335436][T16923] RIP: 0033:0x7f64f459c629
[ 3103.335454][T16923] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 3103.335471][T16923] RSP: 002b:00007f64f54a8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 3103.335491][T16923] RAX: ffffffffffffffda RBX: 00007f64f4816180 RCX: 00007f64f459c629
[ 3103.335505][T16923] RDX: 0000000000000001 RSI: 0000200000000180 RDI: 0000000000000006
[ 3103.335518][T16923] RBP: 00007f64f54a8090 R08: 0000000000000029 R09: 0000000000000000
[ 3103.335531][T16923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3103.335542][T16923] R13: 00007f64f4816218 R14: 00007f64f4816180 R15: 00007f64f493fa48
[ 3103.335571][T16923]  </TASK>
[ 3104.632681][T16929] team0: Failed to send port change of device dummy0 via netlink (err -105)
[ 3105.068161][T16929] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 3105.150180][T16929] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 3105.577238][T16936] FAULT_INJECTION: forcing a failure.
[ 3105.577238][T16936] name failslab, interval 1, probability 0, space 0, times 0
[ 3105.590265][   T37] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 3105.619077][T16936] CPU: 0 UID: 0 PID: 16936 Comm: syz.3.13043 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3105.619110][T16936] Tainted: [L]=SOFTLOCKUP
[ 3105.619117][T16936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3105.619129][T16936] Call Trace:
[ 3105.619137][T16936]  <TASK>
[ 3105.619145][T16936]  dump_stack_lvl+0xe8/0x150
[ 3105.619177][T16936]  should_fail_ex+0x412/0x560
[ 3105.619205][T16936]  should_failslab+0xa8/0x100
[ 3105.619230][T16936]  kmem_cache_alloc_node_noprof+0x8f/0x690
[ 3105.619263][T16936]  ? __alloc_skb+0x1d0/0x7d0
[ 3105.619285][T16936]  ? __local_bh_enable_ip+0xd0/0x130
[ 3105.619314][T16936]  __alloc_skb+0x1d0/0x7d0
[ 3105.619338][T16936]  ? netlink_ack_tlv_len+0x6c/0x210
[ 3105.619363][T16936]  netlink_ack+0x146/0xa50
[ 3105.619383][T16936]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 3105.619408][T16936]  ? __pfx_nl80211_pre_doit+0x10/0x10
[ 3105.619427][T16936]  ? __pfx_nl80211_post_doit+0x10/0x10
[ 3105.619446][T16936]  ? __lock_acquire+0x6b5/0x2cf0
[ 3105.619480][T16936]  netlink_rcv_skb+0x2b6/0x4b0
[ 3105.619503][T16936]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 3105.619531][T16936]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 3105.619569][T16936]  ? down_read+0x272/0x2e0
[ 3105.619587][T16936]  ? genl_rcv+0xd/0x40
[ 3105.619614][T16936]  genl_rcv+0x28/0x40
[ 3105.619638][T16936]  netlink_unicast+0x80f/0x9b0
[ 3105.619666][T16936]  ? __pfx_netlink_unicast+0x10/0x10
[ 3105.619688][T16936]  ? netlink_sendmsg+0x650/0xb40
[ 3105.619709][T16936]  ? skb_put+0x11b/0x210
[ 3105.619735][T16936]  netlink_sendmsg+0x813/0xb40
[ 3105.619766][T16936]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3105.619792][T16936]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 3105.619817][T16936]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 3105.619839][T16936]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3105.619861][T16936]  ____sys_sendmsg+0xa68/0xad0
[ 3105.619902][T16936]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 3105.619937][T16936]  ? import_iovec+0x73/0xa0
[ 3105.619964][T16936]  ___sys_sendmsg+0x2a5/0x360
[ 3105.619995][T16936]  ? __pfx____sys_sendmsg+0x10/0x10
[ 3105.620057][T16936]  ? __fget_files+0x2a/0x420
[ 3105.620079][T16936]  ? __fget_files+0x3a0/0x420
[ 3105.620113][T16936]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 3105.620143][T16936]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 3105.620178][T16936]  ? __pfx_ksys_write+0x10/0x10
[ 3105.620208][T16936]  do_syscall_64+0x14d/0xf80
[ 3105.620235][T16936]  ? trace_irq_disable+0x3b/0x150
[ 3105.620262][T16936]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3105.620280][T16936]  ? clear_bhb_loop+0x40/0x90
[ 3105.620303][T16936]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3105.620322][T16936] RIP: 0033:0x7fc00e59c629
[ 3105.620341][T16936] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 3105.620358][T16936] RSP: 002b:00007fc00f3c5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3105.620378][T16936] RAX: ffffffffffffffda RBX: 00007fc00e815fa0 RCX: 00007fc00e59c629
[ 3105.620393][T16936] RDX: 000000002000c040 RSI: 0000200000000580 RDI: 0000000000000004
[ 3105.620405][T16936] RBP: 00007fc00f3c5090 R08: 0000000000000000 R09: 0000000000000000
[ 3105.620417][T16936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3105.620429][T16936] R13: 00007fc00e816038 R14: 00007fc00e815fa0 R15: 00007fc00e93fa48
[ 3105.620458][T16936]  </TASK>
[ 3105.913364][T12791] Bluetooth: hci3: command 0x0406 tx timeout
[ 3105.951988][   T37] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 3105.961129][   T37] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 3105.970062][   T37] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 3106.149881][T16948] FAULT_INJECTION: forcing a failure.
[ 3106.149881][T16948] name failslab, interval 1, probability 0, space 0, times 0
[ 3106.250824][T16948] CPU: 0 UID: 0 PID: 16948 Comm: syz.3.13048 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3106.250855][T16948] Tainted: [L]=SOFTLOCKUP
[ 3106.250863][T16948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3106.250875][T16948] Call Trace:
[ 3106.250883][T16948]  <TASK>
[ 3106.250892][T16948]  dump_stack_lvl+0xe8/0x150
[ 3106.250924][T16948]  should_fail_ex+0x412/0x560
[ 3106.250951][T16948]  should_failslab+0xa8/0x100
[ 3106.250976][T16948]  __kmalloc_noprof+0xe8/0x760
[ 3106.250996][T16948]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[ 3106.251031][T16948]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[ 3106.251067][T16948]  genl_family_rcv_msg_doit+0xd9/0x330
[ 3106.251101][T16948]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 3106.251135][T16948]  ? apparmor_capable+0x126/0x170
[ 3106.251164][T16948]  ? bpf_lsm_capable+0x9/0x20
[ 3106.251197][T16948]  ? security_capable+0x7e/0x2c0
[ 3106.251225][T16948]  genl_rcv_msg+0x61c/0x7a0
[ 3106.251258][T16948]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 3106.251283][T16948]  ? __pfx_nl80211_pre_doit+0x10/0x10
[ 3106.251302][T16948]  ? __pfx_nl80211_tx_mgmt+0x10/0x10
[ 3106.251325][T16948]  ? __pfx_nl80211_post_doit+0x10/0x10
[ 3106.251348][T16948]  ? __lock_acquire+0x6b5/0x2cf0
[ 3106.251383][T16948]  netlink_rcv_skb+0x232/0x4b0
[ 3106.251406][T16948]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 3106.251434][T16948]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 3106.251469][T16948]  ? down_read+0x272/0x2e0
[ 3106.251485][T16948]  ? genl_rcv+0xd/0x40
[ 3106.251511][T16948]  genl_rcv+0x28/0x40
[ 3106.251536][T16948]  netlink_unicast+0x80f/0x9b0
[ 3106.251564][T16948]  ? __pfx_netlink_unicast+0x10/0x10
[ 3106.251587][T16948]  ? netlink_sendmsg+0x650/0xb40
[ 3106.251607][T16948]  ? skb_put+0x11b/0x210
[ 3106.251635][T16948]  netlink_sendmsg+0x813/0xb40
[ 3106.251667][T16948]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3106.251693][T16948]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 3106.251716][T16948]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 3106.251743][T16948]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3106.251765][T16948]  ____sys_sendmsg+0xa68/0xad0
[ 3106.251802][T16948]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 3106.251837][T16948]  ? import_iovec+0x73/0xa0
[ 3106.251867][T16948]  ___sys_sendmsg+0x2a5/0x360
[ 3106.251898][T16948]  ? __pfx____sys_sendmsg+0x10/0x10
[ 3106.251958][T16948]  ? __fget_files+0x2a/0x420
[ 3106.251983][T16948]  ? __fget_files+0x3a0/0x420
[ 3106.252018][T16948]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 3106.252047][T16948]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 3106.252083][T16948]  ? __pfx_ksys_write+0x10/0x10
[ 3106.252114][T16948]  do_syscall_64+0x14d/0xf80
[ 3106.252140][T16948]  ? trace_irq_disable+0x3b/0x150
[ 3106.252167][T16948]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3106.252186][T16948]  ? clear_bhb_loop+0x40/0x90
[ 3106.252210][T16948]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3106.252229][T16948] RIP: 0033:0x7fc00e59c629
[ 3106.252248][T16948] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 3106.252265][T16948] RSP: 002b:00007fc00f3c5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3106.252287][T16948] RAX: ffffffffffffffda RBX: 00007fc00e815fa0 RCX: 00007fc00e59c629
[ 3106.252301][T16948] RDX: 00000000000008c0 RSI: 00002000000095c0 RDI: 0000000000000004
[ 3106.252314][T16948] RBP: 00007fc00f3c5090 R08: 0000000000000000 R09: 0000000000000000
[ 3106.252326][T16948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3106.252338][T16948] R13: 00007fc00e816038 R14: 00007fc00e815fa0 R15: 00007fc00e93fa48
[ 3106.252368][T16948]  </TASK>
[ 3106.817332][T16958] loop5: detected capacity change from 0 to 7
[ 3107.021912][T16958] Dev loop5: unable to read RDB block 7
[ 3107.027837][T16958]  loop5: unable to read partition table
[ 3107.027900][    C0] invalid error, dev loop5, sector 0 op 0x1:(WRITE) flags 0x800800 phys_seg 1 prio class 2
[ 3107.034528][T16958] loop5: partition table beyond EOD, 
[ 3107.043646][    C0] Buffer I/O error on dev loop5, logical block 0, lost async page write
[ 3107.091216][T16958] truncated
[ 3107.100026][T16958] loop_reread_partitions: partition scan of loop5 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[ 3107.180820][ T4492] usb 5-1: new low-speed USB device number 107 using dummy_hcd
[ 3107.333406][ T4492] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 3107.390727][ T4492] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3107.403863][T16972] loop3: detected capacity change from 0 to 7
[ 3107.430859][ T4492] usb 5-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[ 3107.431377][T16972] Dev loop3: unable to read RDB block 7
[ 3107.446648][T16972]  loop3: unable to read partition table
[ 3107.452346][ T4492] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3107.454921][ T4492] usb 5-1: config 0 descriptor??
[ 3107.576319][T16972] loop3: partition table beyond EOD, truncated
[ 3107.655749][T16972] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 3107.713234][ T4492] glorious 0003:258A:0036.00B4: unbalanced collection at end of report description
[ 3107.811480][ T4492] glorious 0003:258A:0036.00B4: probe with driver glorious failed with error -22
[ 3107.902565][T19077] usb 5-1: USB disconnect, device number 107
[ 3108.855700][   T30] audit: type=1326 audit(1772033773.858:16610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16995 comm="syz.4.13060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa749b9c629 code=0x7ffc0000
[ 3108.994928][   T30] audit: type=1326 audit(1772033773.858:16611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16995 comm="syz.4.13060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa749b9c629 code=0x7ffc0000
[ 3109.075855][   T30] audit: type=1326 audit(1772033773.858:16612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16995 comm="syz.4.13060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa749b9c629 code=0x7ffc0000
[ 3109.170907][   T30] audit: type=1326 audit(1772033773.858:16613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16995 comm="syz.4.13060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fa749b9c629 code=0x7ffc0000
[ 3109.195814][   T30] audit: type=1326 audit(1772033773.858:16614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16995 comm="syz.4.13060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa749b9c629 code=0x7ffc0000
[ 3109.219654][   T30] audit: type=1326 audit(1772033773.858:16615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16995 comm="syz.4.13060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fa749b9c629 code=0x7ffc0000
[ 3109.245137][   T30] audit: type=1326 audit(1772033773.858:16616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16995 comm="syz.4.13060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa749b9c629 code=0x7ffc0000
[ 3109.333492][   T30] audit: type=1326 audit(1772033773.858:16617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16995 comm="syz.4.13060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7fa749b9c629 code=0x7ffc0000
[ 3109.423905][   T30] audit: type=1326 audit(1772033773.858:16618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16995 comm="syz.4.13060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa749b9c629 code=0x7ffc0000
[ 3109.607574][   T30] audit: type=1326 audit(1772033773.858:16619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16995 comm="syz.4.13060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa749b9c629 code=0x7ffc0000
[ 3110.179020][T17014] FAULT_INJECTION: forcing a failure.
[ 3110.179020][T17014] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3110.228720][T17014] CPU: 0 UID: 0 PID: 17014 Comm: syz.0.13066 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3110.228751][T17014] Tainted: [L]=SOFTLOCKUP
[ 3110.228758][T17014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3110.228769][T17014] Call Trace:
[ 3110.228777][T17014]  <TASK>
[ 3110.228786][T17014]  dump_stack_lvl+0xe8/0x150
[ 3110.228816][T17014]  should_fail_ex+0x412/0x560
[ 3110.228842][T17014]  _copy_to_user+0x31/0xb0
[ 3110.228870][T17014]  simple_read_from_buffer+0xe1/0x170
[ 3110.228898][T17014]  proc_fail_nth_read+0x1bb/0x230
[ 3110.228923][T17014]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 3110.228950][T17014]  ? rw_verify_area+0x2a6/0x4d0
[ 3110.228969][T17014]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 3110.228994][T17014]  vfs_read+0x20c/0xa70
[ 3110.229009][T17014]  ? fdget_pos+0x246/0x320
[ 3110.229036][T17014]  ? __pfx___mutex_lock+0x10/0x10
[ 3110.229054][T17014]  ? __pfx_vfs_read+0x10/0x10
[ 3110.229073][T17014]  ? __fget_files+0x2a/0x420
[ 3110.229101][T17014]  ? __fget_files+0x3a0/0x420
[ 3110.229124][T17014]  ? __fget_files+0x2a/0x420
[ 3110.229155][T17014]  ksys_read+0x150/0x270
[ 3110.229177][T17014]  ? __pfx_ksys_read+0x10/0x10
[ 3110.229203][T17014]  do_syscall_64+0x14d/0xf80
[ 3110.229240][T17014]  ? trace_irq_disable+0x3b/0x150
[ 3110.229267][T17014]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3110.229287][T17014]  ? clear_bhb_loop+0x40/0x90
[ 3110.229310][T17014]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3110.229329][T17014] RIP: 0033:0x7f64f455cece
[ 3110.229347][T17014] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 3110.229363][T17014] RSP: 002b:00007f64f54e9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 3110.229382][T17014] RAX: ffffffffffffffda RBX: 00007f64f54ea6c0 RCX: 00007f64f455cece
[ 3110.229394][T17014] RDX: 000000000000000f RSI: 00007f64f54ea0a0 RDI: 0000000000000004
[ 3110.229404][T17014] RBP: 00007f64f54ea090 R08: 0000000000000000 R09: 0000000000000000
[ 3110.229415][T17014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3110.229427][T17014] R13: 00007f64f4816038 R14: 00007f64f4815fa0 R15: 00007f64f493fa48
[ 3110.229457][T17014]  </TASK>
[ 3111.203643][T17043] netlink: 'syz.1.13076': attribute type 39 has an invalid length.
[ 3112.582100][T17061] FAULT_INJECTION: forcing a failure.
[ 3112.582100][T17061] name failslab, interval 1, probability 0, space 0, times 0
[ 3112.611623][T17061] CPU: 1 UID: 0 PID: 17061 Comm: syz.3.13081 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3112.611657][T17061] Tainted: [L]=SOFTLOCKUP
[ 3112.611664][T17061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3112.611675][T17061] Call Trace:
[ 3112.611683][T17061]  <TASK>
[ 3112.611692][T17061]  dump_stack_lvl+0xe8/0x150
[ 3112.611723][T17061]  should_fail_ex+0x412/0x560
[ 3112.611750][T17061]  should_failslab+0xa8/0x100
[ 3112.611774][T17061]  kmem_cache_alloc_node_noprof+0x8f/0x690
[ 3112.611805][T17061]  ? __alloc_skb+0x1d0/0x7d0
[ 3112.611827][T17061]  ? __local_bh_enable_ip+0xd0/0x130
[ 3112.611855][T17061]  __alloc_skb+0x1d0/0x7d0
[ 3112.611877][T17061]  ? netlink_ack_tlv_len+0x6c/0x210
[ 3112.611902][T17061]  netlink_ack+0x146/0xa50
[ 3112.611930][T17061]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 3112.611956][T17061]  ? __pfx_nl80211_pre_doit+0x10/0x10
[ 3112.611980][T17061]  ? __pfx_nl80211_post_doit+0x10/0x10
[ 3112.611999][T17061]  ? __lock_acquire+0x6b5/0x2cf0
[ 3112.612033][T17061]  netlink_rcv_skb+0x2b6/0x4b0
[ 3112.612056][T17061]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 3112.612083][T17061]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 3112.612121][T17061]  ? down_read+0x272/0x2e0
[ 3112.612139][T17061]  ? genl_rcv+0xd/0x40
[ 3112.612165][T17061]  genl_rcv+0x28/0x40
[ 3112.612189][T17061]  netlink_unicast+0x80f/0x9b0
[ 3112.612215][T17061]  ? __pfx_netlink_unicast+0x10/0x10
[ 3112.612236][T17061]  ? netlink_sendmsg+0x650/0xb40
[ 3112.612256][T17061]  ? skb_put+0x11b/0x210
[ 3112.612283][T17061]  netlink_sendmsg+0x813/0xb40
[ 3112.612314][T17061]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3112.612339][T17061]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 3112.612362][T17061]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 3112.612384][T17061]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3112.612405][T17061]  ____sys_sendmsg+0xa68/0xad0
[ 3112.612440][T17061]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 3112.612475][T17061]  ? import_iovec+0x73/0xa0
[ 3112.612504][T17061]  ___sys_sendmsg+0x2a5/0x360
[ 3112.612535][T17061]  ? __pfx____sys_sendmsg+0x10/0x10
[ 3112.612593][T17061]  ? __fget_files+0x2a/0x420
[ 3112.612622][T17061]  ? __fget_files+0x3a0/0x420
[ 3112.612660][T17061]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 3112.612690][T17061]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 3112.612722][T17061]  ? __pfx_ksys_write+0x10/0x10
[ 3112.612752][T17061]  do_syscall_64+0x14d/0xf80
[ 3112.612778][T17061]  ? trace_irq_disable+0x3b/0x150
[ 3112.612804][T17061]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3112.612824][T17061]  ? clear_bhb_loop+0x40/0x90
[ 3112.612847][T17061]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3112.612866][T17061] RIP: 0033:0x7fc00e59c629
[ 3112.612885][T17061] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 3112.612902][T17061] RSP: 002b:00007fc00f3c5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3112.612923][T17061] RAX: ffffffffffffffda RBX: 00007fc00e815fa0 RCX: 00007fc00e59c629
[ 3112.612937][T17061] RDX: 0000000000000004 RSI: 0000200000000180 RDI: 0000000000000003
[ 3112.612949][T17061] RBP: 00007fc00f3c5090 R08: 0000000000000000 R09: 0000000000000000
[ 3112.612967][T17061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3112.612979][T17061] R13: 00007fc00e816038 R14: 00007fc00e815fa0 R15: 00007fc00e93fa48
[ 3112.613008][T17061]  </TASK>
[ 3112.621024][T19077] usb 6-1: new full-speed USB device number 62 using dummy_hcd
[ 3113.010883][T17064] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13083'.
[ 3113.207399][T17070] netlink: 12 bytes leftover after parsing attributes in process `syz.4.13086'.
[ 3113.226155][T17070] FAULT_INJECTION: forcing a failure.
[ 3113.226155][T17070] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3113.241569][T17070] CPU: 0 UID: 0 PID: 17070 Comm: syz.4.13086 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3113.241600][T17070] Tainted: [L]=SOFTLOCKUP
[ 3113.241607][T17070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3113.241619][T17070] Call Trace:
[ 3113.241627][T17070]  <TASK>
[ 3113.241635][T17070]  dump_stack_lvl+0xe8/0x150
[ 3113.241662][T17070]  should_fail_ex+0x412/0x560
[ 3113.241686][T17070]  _copy_from_user+0x2d/0xb0
[ 3113.241710][T17070]  kstrtouint_from_user+0xd6/0x180
[ 3113.241733][T17070]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 3113.241770][T17070]  proc_fail_nth_write+0x8e/0x210
[ 3113.241796][T17070]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 3113.241826][T17070]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 3113.241852][T17070]  vfs_write+0x29a/0xb90
[ 3113.241880][T17070]  ? __pfx_vfs_write+0x10/0x10
[ 3113.241901][T17070]  ? __fget_files+0x2a/0x420
[ 3113.241931][T17070]  ? __fget_files+0x3a0/0x420
[ 3113.241955][T17070]  ? __fget_files+0x2a/0x420
[ 3113.241988][T17070]  ksys_write+0x150/0x270
[ 3113.242010][T17070]  ? __pfx_ksys_write+0x10/0x10
[ 3113.242039][T17070]  do_syscall_64+0x14d/0xf80
[ 3113.242081][T17070]  ? trace_irq_disable+0x3b/0x150
[ 3113.242104][T17070]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3113.242128][T17070]  ? clear_bhb_loop+0x40/0x90
[ 3113.242151][T17070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3113.242169][T17070] RIP: 0033:0x7fa749b5cece
[ 3113.242187][T17070] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 3113.242201][T17070] RSP: 002b:00007fa74aa1ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 3113.242220][T17070] RAX: ffffffffffffffda RBX: 00007fa74aa206c0 RCX: 00007fa749b5cece
[ 3113.242236][T17070] RDX: 0000000000000001 RSI: 00007fa74aa200a0 RDI: 0000000000000004
[ 3113.242247][T17070] RBP: 00007fa74aa20090 R08: 0000000000000000 R09: 0000000000000000
[ 3113.242258][T17070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3113.242269][T17070] R13: 00007fa749e16038 R14: 00007fa749e15fa0 R15: 00007fa749f3fa48
[ 3113.242297][T17070]  </TASK>
[ 3113.631738][T19077] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 3113.640115][T19077] usb 6-1: not running at top speed; connect to a high speed hub
[ 3113.649334][T19077] usb 6-1: config 161 has an invalid interface number: 6 but max is 0
[ 3113.657606][T19077] usb 6-1: config 161 has no interface number 0
[ 3113.664577][T19077] usb 6-1: config 161 interface 6 altsetting 250 has an endpoint descriptor with address 0xFD, changing to 0x8D
[ 3113.676548][T19077] usb 6-1: config 161 interface 6 altsetting 250 endpoint 0x8D has invalid maxpacket 18502, setting to 64
[ 3113.688085][T19077] usb 6-1: config 161 interface 6 altsetting 250 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 3113.702832][T19077] usb 6-1: config 161 interface 6 has no altsetting 0
[ 3113.713360][T19077] usb 6-1: New USB device found, idVendor=12d1, idProduct=7ad6, bcdDevice=ea.69
[ 3113.722698][T19077] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3113.732950][T19077] usb 6-1: Product: syz
[ 3113.739539][T19077] usb 6-1: Manufacturer: syz
[ 3113.740767][ T4489] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[ 3113.752475][T19077] usb 6-1: SerialNumber: syz
[ 3113.762987][T17053] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 3113.914792][ T4489] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3113.927696][ T4489] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 3113.952518][ T4489] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 3113.962521][ T4489] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3113.971362][ T4489] usb 2-1: Product: syz
[ 3113.975850][ T4489] usb 2-1: Manufacturer: syz
[ 3113.979878][T19077] option 6-1:161.6: GSM modem (1-port) converter detected
[ 3113.982673][ T4489] usb 2-1: SerialNumber: syz
[ 3114.020412][ T4489] usb 2-1: config 0 descriptor??
[ 3114.026839][T19077] usb 6-1: GSM modem (1-port) converter now attached to ttyUSB0
[ 3114.045134][T17087] xt_hashlimit: max too large, truncated to 1048576
[ 3114.085804][T19077] usb 6-1: USB disconnect, device number 62
[ 3114.667151][T19077] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[ 3114.716788][T19077] option 6-1:161.6: device disconnected
[ 3114.788592][T17093] netdevsim netdevsim5 netdevsim0: entered promiscuous mode
[ 3114.799076][T17093] netlink: 'syz.5.13093': attribute type 5 has an invalid length.
[ 3115.077403][T17101] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13096'.
[ 3115.092190][   T10] usb 2-1: USB disconnect, device number 32
[ 3115.222799][T19077] usb 6-1: new high-speed USB device number 63 using dummy_hcd
[ 3115.391822][T19077] usb 6-1: Using ep0 maxpacket: 8
[ 3115.415532][T19077] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 3115.433000][T19077] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E
[ 3115.455210][T19077] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7
[ 3115.473008][T17117] netlink: 20 bytes leftover after parsing attributes in process `syz.4.13102'.
[ 3115.484449][T19077] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 3115.496442][T17117] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13102'.
[ 3115.506490][T19077] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1
[ 3115.517112][T19077] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 3115.527298][   T10] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[ 3115.536693][T19077] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 3115.547703][T19077] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 3115.560853][T19077] usb 6-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84
[ 3115.587096][T17119] loop4: detected capacity change from 0 to 7
[ 3115.590378][T19077] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3115.596247][T17119] Buffer I/O error on dev loop4, logical block 0, async page read
[ 3115.603296][T19077] usb 6-1: Product: syz
[ 3115.615227][T17119] Buffer I/O error on dev loop4, logical block 0, async page read
[ 3115.623582][T17119] Buffer I/O error on dev loop4, logical block 0, async page read
[ 3115.632082][T17119] Buffer I/O error on dev loop4, logical block 0, async page read
[ 3115.640061][T17119] Buffer I/O error on dev loop4, logical block 0, async page read
[ 3115.640166][T19077] usb 6-1: Manufacturer: syz
[ 3115.655700][T19077] usb 6-1: SerialNumber: syz
[ 3115.659178][T17119] Buffer I/O error on dev loop4, logical block 0, async page read
[ 3115.669494][T19077] usb 6-1: config 0 descriptor??
[ 3115.674862][T10602] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[ 3115.684643][T17093] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 3115.693974][T17121] Invalid logical block size (4)
[ 3115.696492][T19077] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 3115.703899][T17121] macsec0: entered promiscuous mode
[ 3115.709699][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 3115.712867][T17119] Buffer I/O error on dev loop4, logical block 0, async page read
[ 3115.725783][   T10] usb 2-1: config 0 has no interfaces?
[ 3115.729570][T17119] ldm_validate_partition_table(): Disk read failed.
[ 3115.735876][T17121] macsec0: entered allmulticast mode
[ 3115.741621][T17119] Buffer I/O error on dev loop4, logical block 0, async page read
[ 3115.748157][   T10] usb 2-1: language id specifier not provided by device, defaulting to English
[ 3115.766746][T17119] Buffer I/O error on dev loop4, logical block 0, async page read
[ 3115.768090][T17121] veth1_macvtap: entered allmulticast mode
[ 3115.776212][T17119] Buffer I/O error on dev loop4, logical block 0, async page read
[ 3115.789466][   T10] usb 2-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75
[ 3115.790834][T17119] Dev loop4: unable to read RDB block 0
[ 3115.805090][T17119]  loop4: unable to read partition table
[ 3115.808928][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3115.812979][T17119] loop4: partition table beyond EOD, truncated
[ 3115.826161][T17119] loop_reread_partitions: partition scan of loop4 (úùƒå¡™‰ü�¾SêjºÐ	œëÜ%õ«`ÉæÖ€ù…ˆŠ5) failed (rc=-5)
[ 3115.841070][T10602] usb 1-1: Using ep0 maxpacket: 32
[ 3115.847096][   T10] usb 2-1: Product: syz
[ 3115.857334][   T10] usb 2-1: SerialNumber: syz
[ 3115.863350][T10602] usb 1-1: config index 0 descriptor too short (expected 35577, got 27)
[ 3115.884509][   T10] usb 2-1: config 0 descriptor??
[ 3115.890554][T10602] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 3115.913483][ T4498] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[ 3115.925332][T10602] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 3115.936706][T10602] usb 1-1: config 1 has no interface number 0
[ 3115.947458][T19077] snd-usb-audio 6-1:0.0: probe with driver snd-usb-audio failed with error -12
[ 3115.963704][T10602] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 3115.983361][T19077] usb 6-1: USB disconnect, device number 63
[ 3115.993824][T10602] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 1796, setting to 1024
[ 3116.013744][T10602] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 3116.033349][T10602] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 3116.046235][T14935] udevd[14935]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 3116.064812][T10602] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3116.083770][T17115] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 3116.101785][ T4498] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3116.114481][ T4498] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 3116.127592][T10602] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found
[ 3116.134107][ T4498] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 3116.153283][ T4498] usb 5-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72
[ 3116.158895][T17126] netlink: 'syz.3.13103': attribute type 3 has an invalid length.
[ 3116.170714][ T4498] usb 5-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0
[ 3116.179490][ T4498] usb 5-1: Manufacturer: syz
[ 3116.188720][ T4498] usb 5-1: config 0 descriptor??
[ 3116.194667][T17124] bond1: ARP target 9.0.0.0 is already present
[ 3116.204404][ T4498] smsusb:smsusb_probe: board id=9, interface number 0
[ 3116.213023][ T4498] smsusb:smsusb_probe: Device initialized with return code -19
[ 3116.222494][T17124] bond1: option arp_ip_target: invalid value (9)
[ 3116.232138][T17124] bond1 (unregistering): Released all slaves
[ 3116.317158][T17115] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 3116.334819][T10602] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached
[ 3116.405961][ T4489] usb 5-1: USB disconnect, device number 108
[ 3116.447524][T10602] usb 2-1: USB disconnect, device number 33
[ 3116.538047][ T4498] usb 1-1: USB disconnect, device number 56
[ 3116.546533][ T4498] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected
[ 3116.674505][T17132] FAULT_INJECTION: forcing a failure.
[ 3116.674505][T17132] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3116.687961][T17132] CPU: 1 UID: 0 PID: 17132 Comm: syz.3.13105 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3116.687993][T17132] Tainted: [L]=SOFTLOCKUP
[ 3116.688000][T17132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3116.688013][T17132] Call Trace:
[ 3116.688020][T17132]  <TASK>
[ 3116.688029][T17132]  dump_stack_lvl+0xe8/0x150
[ 3116.688060][T17132]  should_fail_ex+0x412/0x560
[ 3116.688084][T17132]  _copy_to_user+0x31/0xb0
[ 3116.688112][T17132]  put_timespec64+0xc8/0x130
[ 3116.688136][T17132]  ? __pfx_put_timespec64+0x10/0x10
[ 3116.688165][T17132]  poll_select_finish+0x4b5/0x630
[ 3116.688194][T17132]  ? __pfx_poll_select_finish+0x10/0x10
[ 3116.688224][T17132]  ? __pfx_set_user_sigmask+0x10/0x10
[ 3116.688258][T17132]  __se_sys_pselect6+0x27e/0x320
[ 3116.688283][T17132]  ? __pfx___se_sys_pselect6+0x10/0x10
[ 3116.688306][T17132]  ? __pfx_ksys_write+0x10/0x10
[ 3116.688329][T17132]  ? __x64_sys_pselect6+0x21/0xf0
[ 3116.688353][T17132]  do_syscall_64+0x14d/0xf80
[ 3116.688378][T17132]  ? trace_irq_disable+0x3b/0x150
[ 3116.688400][T17132]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3116.688416][T17132]  ? clear_bhb_loop+0x40/0x90
[ 3116.688435][T17132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3116.688450][T17132] RIP: 0033:0x7fc00e59c629
[ 3116.688465][T17132] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 3116.688478][T17132] RSP: 002b:00007fc00f3c5028 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 3116.688496][T17132] RAX: ffffffffffffffda RBX: 00007fc00e815fa0 RCX: 00007fc00e59c629
[ 3116.688507][T17132] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000040
[ 3116.688518][T17132] RBP: 00007fc00f3c5090 R08: 0000200000000280 R09: 0000000000000000
[ 3116.688528][T17132] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[ 3116.688538][T17132] R13: 00007fc00e816038 R14: 00007fc00e815fa0 R15: 00007fc00e93fa48
[ 3116.688561][T17132]  </TASK>
[ 3117.235562][T17148] FAULT_INJECTION: forcing a failure.
[ 3117.235562][T17148] name failslab, interval 1, probability 0, space 0, times 0
[ 3117.249389][T17148] CPU: 1 UID: 0 PID: 17148 Comm: syz.0.13110 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3117.249439][T17148] Tainted: [L]=SOFTLOCKUP
[ 3117.249446][T17148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3117.249459][T17148] Call Trace:
[ 3117.249468][T17148]  <TASK>
[ 3117.249475][T17148]  dump_stack_lvl+0xe8/0x150
[ 3117.249511][T17148]  should_fail_ex+0x412/0x560
[ 3117.249545][T17148]  should_failslab+0xa8/0x100
[ 3117.249569][T17148]  kmem_cache_alloc_node_noprof+0x8f/0x690
[ 3117.249600][T17148]  ? __alloc_skb+0x1d0/0x7d0
[ 3117.249623][T17148]  ? __local_bh_enable_ip+0xd0/0x130
[ 3117.249652][T17148]  __alloc_skb+0x1d0/0x7d0
[ 3117.249675][T17148]  ? netlink_ack_tlv_len+0x6c/0x210
[ 3117.249699][T17148]  netlink_ack+0x146/0xa50
[ 3117.249718][T17148]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 3117.249744][T17148]  ? __pfx_nl80211_pre_doit+0x10/0x10
[ 3117.249763][T17148]  ? __pfx_nl80211_post_doit+0x10/0x10
[ 3117.249781][T17148]  ? __lock_acquire+0x6b5/0x2cf0
[ 3117.249814][T17148]  netlink_rcv_skb+0x2b6/0x4b0
[ 3117.249836][T17148]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 3117.249863][T17148]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 3117.249901][T17148]  ? down_read+0x272/0x2e0
[ 3117.249919][T17148]  ? genl_rcv+0xd/0x40
[ 3117.249946][T17148]  genl_rcv+0x28/0x40
[ 3117.249970][T17148]  netlink_unicast+0x80f/0x9b0
[ 3117.249997][T17148]  ? __pfx_netlink_unicast+0x10/0x10
[ 3117.250019][T17148]  ? netlink_sendmsg+0x650/0xb40
[ 3117.250039][T17148]  ? skb_put+0x11b/0x210
[ 3117.250066][T17148]  netlink_sendmsg+0x813/0xb40
[ 3117.250097][T17148]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3117.250122][T17148]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 3117.250146][T17148]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 3117.250168][T17148]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3117.250189][T17148]  ____sys_sendmsg+0xa68/0xad0
[ 3117.250224][T17148]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 3117.250255][T17148]  ? import_iovec+0x73/0xa0
[ 3117.250284][T17148]  ___sys_sendmsg+0x2a5/0x360
[ 3117.250315][T17148]  ? __pfx____sys_sendmsg+0x10/0x10
[ 3117.250372][T17148]  ? __fget_files+0x2a/0x420
[ 3117.250397][T17148]  ? __fget_files+0x3a0/0x420
[ 3117.250431][T17148]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 3117.250460][T17148]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 3117.250496][T17148]  ? __pfx_ksys_write+0x10/0x10
[ 3117.250531][T17148]  do_syscall_64+0x14d/0xf80
[ 3117.250557][T17148]  ? trace_irq_disable+0x3b/0x150
[ 3117.250582][T17148]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3117.250602][T17148]  ? clear_bhb_loop+0x40/0x90
[ 3117.250622][T17148]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3117.250639][T17148] RIP: 0033:0x7f64f459c629
[ 3117.250655][T17148] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 3117.250672][T17148] RSP: 002b:00007f64f54ea028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3117.250693][T17148] RAX: ffffffffffffffda RBX: 00007f64f4815fa0 RCX: 00007f64f459c629
[ 3117.250707][T17148] RDX: 0000000000004000 RSI: 0000200000000200 RDI: 0000000000000003
[ 3117.250719][T17148] RBP: 00007f64f54ea090 R08: 0000000000000000 R09: 0000000000000000
[ 3117.250731][T17148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3117.250743][T17148] R13: 00007f64f4816038 R14: 00007f64f4815fa0 R15: 00007f64f493fa48
[ 3117.250772][T17148]  </TASK>
[ 3117.588587][ T4489] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[ 3118.015976][ T4489] usb 5-1: Using ep0 maxpacket: 32
[ 3118.042809][ T4489] usb 5-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[ 3118.054302][ T4489] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3118.062899][ T4489] usb 5-1: Product: syz
[ 3118.077229][ T4489] usb 5-1: Manufacturer: syz
[ 3118.088339][ T4489] usb 5-1: SerialNumber: syz
[ 3118.108748][ T4489] usb 5-1: config 0 descriptor??
[ 3118.336742][ T4489] peak_usb 5-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[ 3118.365378][ T4489] peak_usb 5-1:0.0: unable to read PCAN-USB Pro firmware info (err -71)
[ 3118.507427][ T4489] peak_usb 5-1:0.0: probe with driver peak_usb failed with error -71
[ 3118.519096][ T4489] usb 5-1: USB disconnect, device number 109
[ 3118.757027][T17171] binder: BINDER_SET_CONTEXT_MGR already set
[ 3118.763335][T17171] binder: 17170:17171 ioctl 4018620d 200000000040 returned -16
[ 3118.786782][T17171] binder: 17170:17171 ioctl c0306201 2000000003c0 returned -14
[ 3118.988513][T17175] FAULT_INJECTION: forcing a failure.
[ 3118.988513][T17175] name failslab, interval 1, probability 0, space 0, times 0
[ 3119.049512][T17175] CPU: 1 UID: 0 PID: 17175 Comm: syz.0.13119 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3119.049544][T17175] Tainted: [L]=SOFTLOCKUP
[ 3119.049551][T17175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3119.049562][T17175] Call Trace:
[ 3119.049570][T17175]  <TASK>
[ 3119.049578][T17175]  dump_stack_lvl+0xe8/0x150
[ 3119.049608][T17175]  should_fail_ex+0x412/0x560
[ 3119.049633][T17175]  should_failslab+0xa8/0x100
[ 3119.049658][T17175]  __kmalloc_node_track_caller_noprof+0xeb/0x7b0
[ 3119.049680][T17175]  ? mptcp_pm_nl_add_addr_doit+0x3b7/0x1500
[ 3119.049710][T17175]  kmemdup_noprof+0x2b/0x70
[ 3119.049735][T17175]  mptcp_pm_nl_add_addr_doit+0x3b7/0x1500
[ 3119.049763][T17175]  ? __nla_validate_parse+0x2480/0x2dc0
[ 3119.049786][T17175]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3119.049812][T17175]  ? __pfx_mptcp_pm_nl_add_addr_doit+0x10/0x10
[ 3119.049841][T17175]  ? __pfx___nla_validate_parse+0x10/0x10
[ 3119.049877][T17175]  ? rcu_is_watching+0x15/0xb0
[ 3119.049901][T17175]  ? trace_kmalloc+0x2a/0x110
[ 3119.049929][T17175]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 3119.049962][T17175]  genl_family_rcv_msg_doit+0x22a/0x330
[ 3119.049989][T17175]  ? __asan_memcpy+0x40/0x70
[ 3119.050019][T17175]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 3119.050058][T17175]  ? bpf_lsm_capable+0x9/0x20
[ 3119.050082][T17175]  ? security_capable+0x7e/0x2c0
[ 3119.050110][T17175]  genl_rcv_msg+0x61c/0x7a0
[ 3119.050143][T17175]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 3119.050169][T17175]  ? __pfx_mptcp_pm_nl_add_addr_doit+0x10/0x10
[ 3119.050197][T17175]  ? __lock_acquire+0x6b5/0x2cf0
[ 3119.050232][T17175]  netlink_rcv_skb+0x232/0x4b0
[ 3119.050255][T17175]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 3119.050284][T17175]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 3119.050323][T17175]  ? down_read+0x272/0x2e0
[ 3119.050341][T17175]  ? genl_rcv+0xd/0x40
[ 3119.050368][T17175]  genl_rcv+0x28/0x40
[ 3119.050397][T17175]  netlink_unicast+0x80f/0x9b0
[ 3119.050424][T17175]  ? __pfx_netlink_unicast+0x10/0x10
[ 3119.050453][T17175]  ? netlink_sendmsg+0x650/0xb40
[ 3119.050473][T17175]  ? skb_put+0x11b/0x210
[ 3119.050501][T17175]  netlink_sendmsg+0x813/0xb40
[ 3119.050530][T17175]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3119.050556][T17175]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 3119.050581][T17175]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 3119.050603][T17175]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3119.050622][T17175]  ____sys_sendmsg+0xa68/0xad0
[ 3119.050653][T17175]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 3119.050682][T17175]  ? import_iovec+0x73/0xa0
[ 3119.050708][T17175]  ___sys_sendmsg+0x2a5/0x360
[ 3119.050736][T17175]  ? __pfx____sys_sendmsg+0x10/0x10
[ 3119.050793][T17175]  ? __fget_files+0x2a/0x420
[ 3119.050818][T17175]  ? __fget_files+0x3a0/0x420
[ 3119.050852][T17175]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 3119.050880][T17175]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 3119.050915][T17175]  ? __pfx_ksys_write+0x10/0x10
[ 3119.050947][T17175]  do_syscall_64+0x14d/0xf80
[ 3119.050972][T17175]  ? trace_irq_disable+0x3b/0x150
[ 3119.050998][T17175]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3119.051016][T17175]  ? clear_bhb_loop+0x40/0x90
[ 3119.051039][T17175]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3119.051059][T17175] RIP: 0033:0x7f64f459c629
[ 3119.051078][T17175] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 3119.051095][T17175] RSP: 002b:00007f64f54ea028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3119.051116][T17175] RAX: ffffffffffffffda RBX: 00007f64f4815fa0 RCX: 00007f64f459c629
[ 3119.051130][T17175] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003
[ 3119.051143][T17175] RBP: 00007f64f54ea090 R08: 0000000000000000 R09: 0000000000000000
[ 3119.051154][T17175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3119.051166][T17175] R13: 00007f64f4816038 R14: 00007f64f4815fa0 R15: 00007f64f493fa48
[ 3119.051196][T17175]  </TASK>
[ 3119.854148][T17186] netlink: 'syz.5.13123': attribute type 1 has an invalid length.
[ 3119.941038][ T4489] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[ 3120.101935][ T4489] usb 2-1: Using ep0 maxpacket: 16
[ 3120.115788][ T4489] usb 2-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[ 3120.125472][ T4489] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3120.134011][ T4489] usb 2-1: Product: syz
[ 3120.154548][ T4489] usb 2-1: Manufacturer: syz
[ 3120.164795][ T4489] usb 2-1: SerialNumber: syz
[ 3120.392477][ T4489] usb 2-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[ 3120.419419][ T4489] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 3120.444750][ T4489] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[ 3120.461028][ T4489] usb 2-1: media controller created
[ 3120.497783][ T4489] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 3120.589770][ T4489] zl10353_read_register: readreg error (reg=127, ret==-71)
[ 3120.645997][ T4489] dvb_usb_gl861 2-1:157.0: probe with driver dvb_usb_gl861 failed with error -5
[ 3120.676971][ T4489] usb 2-1: USB disconnect, device number 34
[ 3121.371398][T10602] usb 4-1: new high-speed USB device number 125 using dummy_hcd
[ 3121.426175][T17227] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3121.480983][T17227] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3121.553100][T10602] usb 4-1: config 171 has an invalid interface number: 109 but max is 0
[ 3121.577194][T10602] usb 4-1: config 171 has an invalid descriptor of length 0, skipping remainder of the config
[ 3121.604409][T10602] usb 4-1: config 171 has no interface number 0
[ 3121.631474][T10602] usb 4-1: config 171 interface 109 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1023
[ 3121.660880][ T4492] usb 6-1: new high-speed USB device number 64 using dummy_hcd
[ 3121.676923][T10602] usb 4-1: config 171 interface 109 altsetting 0 endpoint 0x1 has invalid maxpacket 12032, setting to 64
[ 3121.702073][T10602] usb 4-1: config 171 interface 109 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 12
[ 3121.749490][T10602] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=fd.2e
[ 3121.759424][T10602] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3121.777471][T10602] usb 4-1: Product: syz
[ 3121.785050][T10602] usb 4-1: Manufacturer: syz
[ 3121.801517][T10602] usb 4-1: SerialNumber: syz
[ 3121.823243][ T4492] usb 6-1: Using ep0 maxpacket: 8
[ 3121.846980][T17217] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 3121.882128][ T4492] usb 6-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[ 3121.900398][ T4492] usb 6-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[ 3121.915533][ T4492] usb 6-1: Product: syz
[ 3121.919952][ T4492] usb 6-1: Manufacturer: syz
[ 3121.925490][ T4492] usb 6-1: SerialNumber: syz
[ 3121.978755][ T4492] usb 6-1: config 0 descriptor??
[ 3121.999427][ T4492] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[ 3122.198017][ T4492] gspca_zc3xx: reg_w_i err -71
[ 3122.206062][ T4492] gspca_zc3xx 6-1:0.0: probe with driver gspca_zc3xx failed with error -71
[ 3122.249507][ T4492] usb 6-1: USB disconnect, device number 64
[ 3122.348727][T17216] xt_policy: output policy not valid in PREROUTING and INPUT
[ 3122.480739][ T4489] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[ 3122.631233][ T4489] usb 5-1: Using ep0 maxpacket: 16
[ 3122.638298][ T4489] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 3122.650267][ T4489] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 3122.664100][ T4489] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 3122.673653][ T4489] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3122.681869][ T4489] usb 5-1: Product: syz
[ 3122.686153][ T4489] usb 5-1: Manufacturer: syz
[ 3122.690873][ T4489] usb 5-1: SerialNumber: syz
[ 3122.698650][ T4489] usb 5-1: config 0 descriptor??
[ 3122.709405][ T4489] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 3122.730337][ T4489] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[ 3122.919187][T17257] ip6tnl1: entered promiscuous mode
[ 3122.934763][T17257] ip6tnl1: entered allmulticast mode
[ 3122.955187][T10602] ath6kl: Failed to submit usb control message: -110
[ 3122.976012][T10602] ath6kl: unable to send the bmi data to the device: -110
[ 3122.996151][T10602] ath6kl: Unable to send get target info: -110
[ 3122.996312][T17259] netlink: 28 bytes leftover after parsing attributes in process `syz.0.13145'.
[ 3123.017568][T10602] ath6kl: Failed to init ath6kl core: -110
[ 3123.040583][T10602] ath6kl_usb 4-1:171.109: probe with driver ath6kl_usb failed with error -110
[ 3123.324028][ T4489] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[ 3123.338880][ T4489] em28xx 5-1:0.0: Config register raw data: 0xfffffffb
[ 3123.355767][ T4490] usb 6-1: new high-speed USB device number 65 using dummy_hcd
[ 3123.365389][ T4489] em28xx 5-1:0.0: AC97 chip type couldn't be determined
[ 3123.383449][ T4489] em28xx 5-1:0.0: No AC97 audio processor
[ 3123.532593][ T4490] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 3123.557403][ T4490] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 3123.640298][ T4490] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 3123.652072][ T4490] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 3123.756051][ T4490] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 3123.766665][ T4490] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3123.792951][ T4490] usb 6-1: config 0 descriptor??
[ 3123.955872][ T4489] usb 4-1: USB disconnect, device number 125
[ 3124.214737][ T4490] hid_parser_main: 150 callbacks suppressed
[ 3124.214762][ T4490] plantronics 0003:047F:FFFF.00B5: unknown main item tag 0x0
[ 3124.253824][ T4490] plantronics 0003:047F:FFFF.00B5: unknown main item tag 0x0
[ 3124.262214][ T4490] plantronics 0003:047F:FFFF.00B5: unknown main item tag 0x0
[ 3124.269791][ T4490] plantronics 0003:047F:FFFF.00B5: unknown main item tag 0x0
[ 3124.306290][ T4490] plantronics 0003:047F:FFFF.00B5: unknown main item tag 0x0
[ 3124.361446][ T4490] plantronics 0003:047F:FFFF.00B5: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[ 3124.555951][T17292] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13153'.
[ 3124.627557][T17295] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3124.702857][T17295] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3125.091461][T17312] netlink: 'syz.1.13157': attribute type 15 has an invalid length.
[ 3125.153087][T10602] usb 6-1: USB disconnect, device number 65
[ 3125.253459][ T4492] usb 5-1: USB disconnect, device number 110
[ 3125.260361][ T4492] em28xx 5-1:0.0: Disconnecting em28xx
[ 3125.267075][ T4492] em28xx 5-1:0.0: Freeing device
[ 3125.436538][T17321] netlink: 132 bytes leftover after parsing attributes in process `syz.1.13160'.
[ 3125.993803][T17328] netlink: 32 bytes leftover after parsing attributes in process `syz.1.13161'.
[ 3126.285466][T17343] FAULT_INJECTION: forcing a failure.
[ 3126.285466][T17343] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3126.358022][T17343] CPU: 0 UID: 0 PID: 17343 Comm: syz.1.13165 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3126.358053][T17343] Tainted: [L]=SOFTLOCKUP
[ 3126.358060][T17343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3126.358070][T17343] Call Trace:
[ 3126.358077][T17343]  <TASK>
[ 3126.358085][T17343]  dump_stack_lvl+0xe8/0x150
[ 3126.358112][T17343]  should_fail_ex+0x412/0x560
[ 3126.358136][T17343]  strncpy_from_user+0x36/0x2b0
[ 3126.358165][T17343]  do_getname+0x77/0x250
[ 3126.358190][T17343]  __se_sys_rename+0x2b/0x2c0
[ 3126.358215][T17343]  do_syscall_64+0x14d/0xf80
[ 3126.358242][T17343]  ? trace_irq_disable+0x3b/0x150
[ 3126.358266][T17343]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3126.358286][T17343]  ? clear_bhb_loop+0x40/0x90
[ 3126.358314][T17343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3126.358333][T17343] RIP: 0033:0x7ff226d9c629
[ 3126.358349][T17343] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 3126.358363][T17343] RSP: 002b:00007ff224ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 3126.358380][T17343] RAX: ffffffffffffffda RBX: 00007ff227016180 RCX: 00007ff226d9c629
[ 3126.358392][T17343] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000100
[ 3126.358404][T17343] RBP: 00007ff224ff6090 R08: 0000000000000000 R09: 0000000000000000
[ 3126.358415][T17343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3126.358425][T17343] R13: 00007ff227016218 R14: 00007ff227016180 R15: 00007ff22713fa48
[ 3126.358453][T17343]  </TASK>
[ 3127.431294][ T4490] usb 5-1: new high-speed USB device number 111 using dummy_hcd
[ 3127.477187][T17362] syz_tun: entered allmulticast mode
[ 3127.602698][T17368] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13173'.
[ 3127.612477][T17368] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13173'.
[ 3127.624668][T17368] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13173'.
[ 3127.722837][ T4490] usb 5-1: Using ep0 maxpacket: 32
[ 3127.764860][ T4490] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[ 3127.779652][ T4490] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[ 3127.803611][ T4490] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 3127.828966][ T4490] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[ 3127.859403][ T4490] usb 5-1: config 0 interface 0 has no altsetting 0
[ 3127.878665][ T4490] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[ 3127.893357][ T4490] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[ 3127.916784][ T4490] usb 5-1: Product: syz
[ 3127.928974][ T4490] usb 5-1: Manufacturer: syz
[ 3128.081637][ T4490] usb 5-1: SerialNumber: syz
[ 3128.138690][ T4490] usb 5-1: config 0 descriptor??
[ 3128.195465][ T4490] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[ 3128.237975][ T4490] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[ 3128.572374][T17361] syz_tun: left allmulticast mode
[ 3128.775477][T17378] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 3129.371988][ T4490] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[ 3129.445360][T17394] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13181'.
[ 3129.489917][T17394] netlink: 412 bytes leftover after parsing attributes in process `syz.0.13181'.
[ 3129.542723][ T4490] usb 2-1: device descriptor read/64, error -71
[ 3129.820923][ T4490] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[ 3129.950798][ T4490] usb 2-1: device descriptor read/64, error -71
[ 3129.980751][ T4492] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[ 3130.061191][ T4490] usb usb2-port1: attempt power cycle
[ 3130.165331][ T4492] usb 4-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=26.50
[ 3130.195499][ T4492] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3130.212787][ T4489] usb 5-1: USB disconnect, device number 111
[ 3130.224469][ T4492] usb 4-1: Product: syz
[ 3130.235514][ T4492] usb 4-1: Manufacturer: syz
[ 3130.246290][ T4489] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[ 3130.261660][ T4492] usb 4-1: SerialNumber: syz
[ 3130.283549][ T4492] usb 4-1: config 0 descriptor??
[ 3130.300461][ T4492] usb 4-1: Waiting for MOTU Microbook II to boot up...
[ 3130.327859][ T4492] usb 4-1: failed setting the sample rate for Motu MicroBook II: -22
[ 3130.344271][ T4492] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -22
[ 3130.420937][ T4490] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[ 3130.452046][ T4490] usb 2-1: device descriptor read/8, error -71
[ 3130.700825][ T4490] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[ 3130.735220][ T4490] usb 2-1: device descriptor read/8, error -71
[ 3130.890254][ T4490] usb usb2-port1: unable to enumerate USB device
[ 3130.944514][T17416] netlink: 36 bytes leftover after parsing attributes in process `syz.4.13186'.
[ 3132.108661][T17441] xt_hashlimit: max too large, truncated to 1048576
[ 3132.381722][T17449] fuse: Unknown parameter 'f'
[ 3133.428463][ T4490] usb 4-1: USB disconnect, device number 126
[ 3133.703995][T17469] netlink: 40 bytes leftover after parsing attributes in process `syz.3.13201'.
[ 3133.720273][T17466] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 3133.728603][T17466] syzkaller0: entered promiscuous mode
[ 3133.734546][T17466] syzkaller0: entered allmulticast mode
[ 3133.745211][T17466] tipc: Resetting bearer <eth:syzkaller0>
[ 3133.770253][T17465] tipc: Resetting bearer <eth:syzkaller0>
[ 3133.840913][T17465] tipc: Disabling bearer <eth:syzkaller0>
[ 3134.360559][ T4498] usb 4-1: new high-speed USB device number 127 using dummy_hcd
[ 3134.531636][T10602] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[ 3134.571715][ T4498] usb 4-1: Using ep0 maxpacket: 8
[ 3134.578696][ T4498] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 13
[ 3134.593274][ T4498] usb 4-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[ 3134.603596][ T4498] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3134.619294][ T4498] usb 4-1: Product: syz
[ 3134.629707][ T4498] usb 4-1: Manufacturer: syz
[ 3134.639120][ T4498] usb 4-1: SerialNumber: syz
[ 3134.655585][ T4498] usb 4-1: config 0 descriptor??
[ 3134.663072][ T4498] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[ 3134.701188][T10602] usb 2-1: Using ep0 maxpacket: 8
[ 3134.722425][T10602] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[ 3134.733402][T10602] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 3134.751735][T10602] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 3134.762357][T10602] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 3134.773878][T10602] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 3134.787695][T10602] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 3134.805946][T10602] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3134.920759][T19077] usb 6-1: new low-speed USB device number 66 using dummy_hcd
[ 3135.051245][T19077] usb 6-1: device descriptor read/64, error -71
[ 3135.393201][T10602] usb 2-1: GET_CAPABILITIES returned 0
[ 3135.403229][T10602] usbtmc 2-1:16.0: can't read capabilities
[ 3135.592397][ T4490] usb 2-1: USB disconnect, device number 39
[ 3135.620874][T19077] usb 6-1: new low-speed USB device number 67 using dummy_hcd
[ 3135.760741][T19077] usb 6-1: device descriptor read/64, error -71
[ 3135.800059][T17479] FAULT_INJECTION: forcing a failure.
[ 3135.800059][T17479] name failslab, interval 1, probability 0, space 0, times 0
[ 3135.821081][T17479] CPU: 1 UID: 0 PID: 17479 Comm: syz.1.13204 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3135.821115][T17479] Tainted: [L]=SOFTLOCKUP
[ 3135.821122][T17479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3135.821132][T17479] Call Trace:
[ 3135.821138][T17479]  <TASK>
[ 3135.821145][T17479]  dump_stack_lvl+0xe8/0x150
[ 3135.821166][T17479]  should_fail_ex+0x412/0x560
[ 3135.821180][T17479]  ? create_io_worker+0x27/0x5c0
[ 3135.821202][T17479]  should_failslab+0xa8/0x100
[ 3135.821226][T17479]  __kmalloc_cache_noprof+0x88/0x660
[ 3135.821247][T17479]  ? create_io_worker+0xab/0x5c0
[ 3135.821272][T17479]  ? create_io_worker+0x27/0x5c0
[ 3135.821298][T17479]  create_io_worker+0xab/0x5c0
[ 3135.821329][T17479]  io_wq_enqueue+0x675/0x8a0
[ 3135.821352][T17479]  ? io_wq_enqueue+0x332/0x8a0
[ 3135.821371][T17479]  ? __pfx_io_wq_work_match_item+0x10/0x10
[ 3135.821400][T17479]  ? __pfx_io_req_task_submit+0x10/0x10
[ 3135.821424][T17479]  io_handle_tw_list+0x3db/0x540
[ 3135.821456][T17479]  tctx_task_work_run+0x55/0x330
[ 3135.821468][T17479]  tctx_task_work+0x3f/0x90
[ 3135.821477][T17479]  task_work_run+0x1d9/0x270
[ 3135.821491][T17479]  ? __pfx_task_work_run+0x10/0x10
[ 3135.821501][T17479]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 3135.821529][T17479]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 3135.821560][T17479]  get_signal+0x11eb/0x1330
[ 3135.821594][T17479]  ? __se_sys_io_uring_enter+0x143e/0x18c0
[ 3135.821615][T17479]  arch_do_signal_or_restart+0xbc/0x830
[ 3135.821629][T17479]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 3135.821645][T17479]  ? ksys_write+0x1fc/0x270
[ 3135.821660][T17479]  exit_to_user_mode_loop+0x86/0x480
[ 3135.821680][T17479]  ? rcu_is_watching+0x15/0xb0
[ 3135.821710][T17479]  do_syscall_64+0x32d/0xf80
[ 3135.821736][T17479]  ? trace_irq_disable+0x3b/0x150
[ 3135.821758][T17479]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3135.821768][T17479]  ? clear_bhb_loop+0x40/0x90
[ 3135.821781][T17479]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3135.821792][T17479] RIP: 0033:0x7ff226d9c629
[ 3135.821803][T17479] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 3135.821816][T17479] RSP: 002b:00007ff227ba8028 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3135.821837][T17479] RAX: 0000000000000004 RBX: 00007ff227015fa0 RCX: 00007ff226d9c629
[ 3135.821850][T17479] RDX: 0000000000007721 RSI: 0000000000002219 RDI: 0000000000000000
[ 3135.821862][T17479] RBP: 00007ff227ba8090 R08: 0000000000000000 R09: 0000000000000000
[ 3135.821874][T17479] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000001
[ 3135.821885][T17479] R13: 00007ff227016038 R14: 00007ff227015fa0 R15: 00007ff22713fa48
[ 3135.821907][T17479]  </TASK>
[ 3135.899788][T19077] usb usb6-port1: attempt power cycle
[ 3136.145381][ T4498] gspca_zc3xx: reg_w_i err -71
[ 3136.440764][T10602] usb 5-1: new high-speed USB device number 112 using dummy_hcd
[ 3136.520981][T19077] usb 6-1: new low-speed USB device number 68 using dummy_hcd
[ 3136.541585][T19077] usb 6-1: device descriptor read/8, error -71
[ 3136.592405][T10602] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 3136.601677][T10602] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3136.618159][T10602] usb 5-1: config 0 descriptor??
[ 3136.637277][T10602] cp210x 5-1:0.0: cp210x converter detected
[ 3136.731255][ T4498] gspca_zc3xx: Unknown sensor - set to TAS5130C
[ 3136.737784][ T4498] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -71
[ 3136.751603][ T4498] usb 4-1: USB disconnect, device number 127
[ 3136.780960][T19077] usb 6-1: new low-speed USB device number 69 using dummy_hcd
[ 3136.802756][T19077] usb 6-1: device descriptor read/8, error -71
[ 3136.838573][T10602] usb 5-1: cp210x converter now attached to ttyUSB0
[ 3136.911002][   T10] usb 2-1: new full-speed USB device number 40 using dummy_hcd
[ 3136.920820][T19077] usb usb6-port1: unable to enumerate USB device
[ 3137.039905][ T4490] usb 5-1: USB disconnect, device number 112
[ 3137.050852][ T4490] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 3137.059484][ T4490] cp210x 5-1:0.0: device disconnected
[ 3137.086091][   T10] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 3137.103057][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3137.121252][   T10] usb 2-1: Product: syz
[ 3137.136077][   T10] usb 2-1: Manufacturer: syz
[ 3137.158994][   T10] usb 2-1: SerialNumber: syz
[ 3137.179979][   T10] usb 2-1: config 0 descriptor??
[ 3137.235168][T17511] veth1_macvtap: left allmulticast mode
[ 3137.394481][   T10] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 3137.481289][T19077] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[ 3137.646285][T19077] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 3137.657921][T19077] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3137.666885][T19077] usb 1-1: Product: syz
[ 3137.672856][T19077] usb 1-1: Manufacturer: syz
[ 3137.677543][T19077] usb 1-1: SerialNumber: syz
[ 3138.101485][T19077] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[ 3138.115469][T19077] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[ 3138.708451][T17544] netlink: 316 bytes leftover after parsing attributes in process `syz.5.13226'.
[ 3138.836670][   T10] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 3138.901337][   T10] usb 2-1: USB disconnect, device number 40
[ 3139.346072][T19077] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[ 3139.433802][T17564] FAULT_INJECTION: forcing a failure.
[ 3139.433802][T17564] name failslab, interval 1, probability 0, space 0, times 0
[ 3139.475532][T17564] CPU: 1 UID: 0 PID: 17564 Comm: syz.5.13232 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3139.475563][T17564] Tainted: [L]=SOFTLOCKUP
[ 3139.475571][T17564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3139.475583][T17564] Call Trace:
[ 3139.475591][T17564]  <TASK>
[ 3139.475600][T17564]  dump_stack_lvl+0xe8/0x150
[ 3139.475629][T17564]  should_fail_ex+0x412/0x560
[ 3139.475653][T17564]  ? __d_alloc+0x37/0x6f0
[ 3139.475679][T17564]  should_failslab+0xa8/0x100
[ 3139.475704][T17564]  kmem_cache_alloc_lru_noprof+0x87/0x640
[ 3139.475742][T17564]  __d_alloc+0x37/0x6f0
[ 3139.475773][T17564]  d_alloc+0x4b/0x190
[ 3139.475799][T17564]  ? lookup_one_qstr_excl+0xc8/0x360
[ 3139.475827][T17564]  lookup_one_qstr_excl+0xdc/0x360
[ 3139.475853][T17564]  ? lookup_noperm_common+0x245/0x430
[ 3139.475882][T17564]  start_dirop+0x5c/0x90
[ 3139.475909][T17564]  simple_start_creating+0xcc/0x110
[ 3139.475937][T17564]  ? __pfx_simple_start_creating+0x10/0x10
[ 3139.475965][T17564]  ? do_raw_spin_unlock+0xf5/0x210
[ 3139.475985][T17564]  ? mntput+0x65/0xc0
[ 3139.476018][T17564]  debugfs_start_creating+0xdb/0x1a0
[ 3139.476046][T17564]  __debugfs_create_file+0x6f/0x400
[ 3139.476076][T17564]  debugfs_create_file_full+0x3f/0x60
[ 3139.476104][T17564]  ref_tracker_dir_debugfs+0x197/0x360
[ 3139.476128][T17564]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[ 3139.476174][T17564]  ? __kvmalloc_node_noprof+0x545/0x8a0
[ 3139.476195][T17564]  ? alloc_netdev_mqs+0xa6/0x11b0
[ 3139.476218][T17564]  ? __raw_spin_lock_init+0x45/0x100
[ 3139.476237][T17564]  alloc_netdev_mqs+0x272/0x11b0
[ 3139.476255][T17564]  ? __pfx_ipvlan_link_setup+0x10/0x10
[ 3139.476280][T17564]  rtnl_create_link+0x31f/0xd70
[ 3139.476306][T17564]  rtnl_newlink_create+0x277/0xb70
[ 3139.476332][T17564]  ? __pfx___nla_validate_parse+0x10/0x10
[ 3139.476365][T17564]  ? __pfx_rtnl_newlink_create+0x10/0x10
[ 3139.476393][T17564]  ? __pfx___mutex_lock+0x10/0x10
[ 3139.476420][T17564]  ? ns_capable+0x89/0xe0
[ 3139.476447][T17564]  rtnl_newlink+0x1666/0x1be0
[ 3139.476484][T17564]  ? __pfx_rtnl_newlink+0x10/0x10
[ 3139.476516][T17564]  ? __lock_acquire+0x6b5/0x2cf0
[ 3139.476546][T17564]  ? __lock_acquire+0x6b5/0x2cf0
[ 3139.476572][T17564]  ? __lock_acquire+0x6b5/0x2cf0
[ 3139.476606][T17564]  ? unwind_next_frame+0xa5/0x23c0
[ 3139.476654][T17564]  ? __lock_acquire+0x6b5/0x2cf0
[ 3139.476682][T17564]  ? is_bpf_text_address+0x26/0x2b0
[ 3139.476705][T17564]  ? kernel_text_address+0xa5/0xe0
[ 3139.476751][T17564]  ? __pfx_rtnl_newlink+0x10/0x10
[ 3139.476774][T17564]  rtnetlink_rcv_msg+0x7d5/0xbe0
[ 3139.476801][T17564]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 3139.476824][T17564]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 3139.476851][T17564]  ? __lock_acquire+0x6b5/0x2cf0
[ 3139.476884][T17564]  netlink_rcv_skb+0x232/0x4b0
[ 3139.476909][T17564]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 3139.476933][T17564]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 3139.476967][T17564]  ? netlink_deliver_tap+0x2e/0x1b0
[ 3139.477003][T17564]  netlink_unicast+0x80f/0x9b0
[ 3139.477032][T17564]  ? __pfx_netlink_unicast+0x10/0x10
[ 3139.477054][T17564]  ? netlink_sendmsg+0x650/0xb40
[ 3139.477074][T17564]  ? skb_put+0x11b/0x210
[ 3139.477103][T17564]  netlink_sendmsg+0x813/0xb40
[ 3139.477135][T17564]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3139.477161][T17564]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 3139.477184][T17564]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 3139.477206][T17564]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3139.477227][T17564]  ____sys_sendmsg+0xa68/0xad0
[ 3139.477261][T17564]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 3139.477296][T17564]  ? import_iovec+0x73/0xa0
[ 3139.477325][T17564]  ___sys_sendmsg+0x2a5/0x360
[ 3139.477357][T17564]  ? __pfx____sys_sendmsg+0x10/0x10
[ 3139.477416][T17564]  ? __fget_files+0x2a/0x420
[ 3139.477441][T17564]  ? __fget_files+0x3a0/0x420
[ 3139.477474][T17564]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 3139.477504][T17564]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 3139.477543][T17564]  ? __pfx_ksys_write+0x10/0x10
[ 3139.477574][T17564]  do_syscall_64+0x14d/0xf80
[ 3139.477600][T17564]  ? trace_irq_disable+0x3b/0x150
[ 3139.477626][T17564]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3139.477646][T17564]  ? clear_bhb_loop+0x40/0x90
[ 3139.477669][T17564]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3139.477688][T17564] RIP: 0033:0x7f4748f9c629
[ 3139.477707][T17564] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 3139.477724][T17564] RSP: 002b:00007f47471f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3139.477744][T17564] RAX: ffffffffffffffda RBX: 00007f4749215fa0 RCX: 00007f4748f9c629
[ 3139.477758][T17564] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[ 3139.477771][T17564] RBP: 00007f47471f6090 R08: 0000000000000000 R09: 0000000000000000
[ 3139.477782][T17564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3139.477794][T17564] R13: 00007f4749216038 R14: 00007f4749215fa0 R15: 00007f474933fa48
[ 3139.477825][T17564]  </TASK>
[ 3140.082220][T17576] netlink: 'syz.5.13238': attribute type 89 has an invalid length.
[ 3140.212188][T17582] Invalid option length (0) for dns_resolver key
[ 3140.284744][T17585] FAULT_INJECTION: forcing a failure.
[ 3140.284744][T17585] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3140.300302][   T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 3140.308911][T17585] CPU: 0 UID: 0 PID: 17585 Comm: syz.5.13242 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3140.308944][T17585] Tainted: [L]=SOFTLOCKUP
[ 3140.308951][T17585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3140.308963][T17585] Call Trace:
[ 3140.308971][T17585]  <TASK>
[ 3140.308980][T17585]  dump_stack_lvl+0xe8/0x150
[ 3140.309012][T17585]  should_fail_ex+0x412/0x560
[ 3140.309040][T17585]  _copy_from_user+0x2d/0xb0
[ 3140.309068][T17585]  kstrtouint_from_user+0xd6/0x180
[ 3140.309093][T17585]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 3140.309131][T17585]  proc_fail_nth_write+0x8e/0x210
[ 3140.309157][T17585]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 3140.309187][T17585]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 3140.309213][T17585]  vfs_write+0x29a/0xb90
[ 3140.309241][T17585]  ? __pfx_vfs_write+0x10/0x10
[ 3140.309262][T17585]  ? __fget_files+0x2a/0x420
[ 3140.309291][T17585]  ? __fget_files+0x3a0/0x420
[ 3140.309316][T17585]  ? __fget_files+0x2a/0x420
[ 3140.309348][T17585]  ksys_write+0x150/0x270
[ 3140.309370][T17585]  ? __pfx_ksys_write+0x10/0x10
[ 3140.309399][T17585]  do_syscall_64+0x14d/0xf80
[ 3140.309426][T17585]  ? trace_irq_disable+0x3b/0x150
[ 3140.309453][T17585]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3140.309472][T17585]  ? clear_bhb_loop+0x40/0x90
[ 3140.309495][T17585]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3140.309514][T17585] RIP: 0033:0x7f4748f5cece
[ 3140.309533][T17585] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 3140.309549][T17585] RSP: 002b:00007f47471f5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 3140.309569][T17585] RAX: ffffffffffffffda RBX: 00007f47471f66c0 RCX: 00007f4748f5cece
[ 3140.309583][T17585] RDX: 0000000000000001 RSI: 00007f47471f60a0 RDI: 0000000000000004
[ 3140.309595][T17585] RBP: 00007f47471f6090 R08: 0000000000000000 R09: 0000000000000000
[ 3140.309607][T17585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3140.309618][T17585] R13: 00007f4749216038 R14: 00007f4749215fa0 R15: 00007f474933fa48
[ 3140.309648][T17585]  </TASK>
[ 3140.648567][T19077] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001020. ret = -EPROTO
[ 3140.668864][T19077] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[ 3140.681790][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3140.693025][   T10] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 3140.699074][T17589] FAULT_INJECTION: forcing a failure.
[ 3140.699074][T17589] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3140.702181][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3140.703917][T19077] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 3140.718439][T17589] CPU: 1 UID: 0 PID: 17589 Comm: syz.1.13244 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3140.718468][T17589] Tainted: [L]=SOFTLOCKUP
[ 3140.718475][T17589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3140.718486][T17589] Call Trace:
[ 3140.718494][T17589]  <TASK>
[ 3140.718502][T17589]  dump_stack_lvl+0xe8/0x150
[ 3140.718533][T17589]  should_fail_ex+0x412/0x560
[ 3140.718559][T17589]  _copy_to_user+0x31/0xb0
[ 3140.718586][T17589]  simple_read_from_buffer+0xe1/0x170
[ 3140.718615][T17589]  proc_fail_nth_read+0x1bb/0x230
[ 3140.718642][T17589]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 3140.718677][T17589]  ? rw_verify_area+0x2a6/0x4d0
[ 3140.718694][T17589]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 3140.718719][T17589]  vfs_read+0x20c/0xa70
[ 3140.718735][T17589]  ? fdget_pos+0x246/0x320
[ 3140.718764][T17589]  ? __pfx___mutex_lock+0x10/0x10
[ 3140.718784][T17589]  ? __pfx_vfs_read+0x10/0x10
[ 3140.718803][T17589]  ? __fget_files+0x2a/0x420
[ 3140.718830][T17589]  ? __fget_files+0x3a0/0x420
[ 3140.718854][T17589]  ? __fget_files+0x2a/0x420
[ 3140.718886][T17589]  ksys_read+0x150/0x270
[ 3140.718905][T17589]  ? __pfx_ksys_read+0x10/0x10
[ 3140.718933][T17589]  do_syscall_64+0x14d/0xf80
[ 3140.718959][T17589]  ? trace_irq_disable+0x3b/0x150
[ 3140.718985][T17589]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3140.719003][T17589]  ? clear_bhb_loop+0x40/0x90
[ 3140.719026][T17589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3140.719044][T17589] RIP: 0033:0x7ff226d5cece
[ 3140.719061][T17589] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 3140.719078][T17589] RSP: 002b:00007ff227ba7fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 3140.719098][T17589] RAX: ffffffffffffffda RBX: 00007ff227ba86c0 RCX: 00007ff226d5cece
[ 3140.719112][T17589] RDX: 000000000000000f RSI: 00007ff227ba80a0 RDI: 0000000000000004
[ 3140.719124][T17589] RBP: 00007ff227ba8090 R08: 0000000000000000 R09: 0000000000000000
[ 3140.719135][T17589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3140.719147][T17589] R13: 00007ff227016038 R14: 00007ff227015fa0 R15: 00007ff22713fa48
[ 3140.719174][T17589]  </TASK>
[ 3140.860916][ T4492] usb 6-1: new high-speed USB device number 70 using dummy_hcd
[ 3140.867215][   T10] usb 4-1: config 0 descriptor??
[ 3140.969269][T19077] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 3140.990285][T19077] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -71
[ 3141.006970][T19077] usb 1-1: USB disconnect, device number 57
[ 3141.041775][ T4492] usb 6-1: too many configurations: 94, using maximum allowed: 8
[ 3141.063709][ T4492] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 3141.090983][ T4492] usb 6-1: can't read configurations, error -61
[ 3141.184424][   T10] usbhid 4-1:0.0: can't add hid device: -71
[ 3141.190486][   T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 3141.206389][T17601] netlink: 'syz.1.13249': attribute type 11 has an invalid length.
[ 3141.217686][   T10] usb 4-1: USB disconnect, device number 2
[ 3141.224608][T17601] netlink: 104 bytes leftover after parsing attributes in process `syz.1.13249'.
[ 3141.237711][ T4492] usb 6-1: new high-speed USB device number 71 using dummy_hcd
[ 3141.401499][ T4492] usb 6-1: too many configurations: 94, using maximum allowed: 8
[ 3141.411183][ T4492] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 3141.418823][ T4492] usb 6-1: can't read configurations, error -61
[ 3141.426335][ T4492] usb usb6-port1: attempt power cycle
[ 3141.560897][ T4490] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[ 3141.700766][   T10] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[ 3141.721488][ T4490] usb 2-1: Using ep0 maxpacket: 16
[ 3141.728233][ T4490] usb 2-1: config 0 has an invalid interface number: 214 but max is 0
[ 3141.736735][ T4490] usb 2-1: config 0 has no interface number 0
[ 3141.743010][ T4490] usb 2-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 3141.754697][ T4490] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[ 3141.764395][ T4490] usb 2-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[ 3141.772454][ T4490] usb 2-1: Manufacturer: syz
[ 3141.777067][ T4490] usb 2-1: SerialNumber: syz
[ 3141.781945][ T4492] usb 6-1: new high-speed USB device number 72 using dummy_hcd
[ 3141.791706][ T4490] usb 2-1: config 0 descriptor??
[ 3141.821739][ T4492] usb 6-1: too many configurations: 94, using maximum allowed: 8
[ 3141.832911][ T4492] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 3141.840732][ T4492] usb 6-1: can't read configurations, error -61
[ 3141.853229][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 3141.864898][   T10] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 3141.874098][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3141.884901][   T10] usb 4-1: config 0 descriptor??
[ 3141.899002][   T10] hub 4-1:0.0: USB hub found
[ 3141.970881][ T4492] usb 6-1: new high-speed USB device number 73 using dummy_hcd
[ 3141.992321][ T4492] usb 6-1: too many configurations: 94, using maximum allowed: 8
[ 3142.006649][ T4492] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 3142.014955][ T4492] usb 6-1: can't read configurations, error -61
[ 3142.021896][ T4492] usb usb6-port1: unable to enumerate USB device
[ 3142.093618][   T10] hub 4-1:0.0: 1 port detected
[ 3142.209451][T17607] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3142.217806][T17613] netlink: 4 bytes leftover after parsing attributes in process `syz.4.13253'.
[ 3142.226691][T17613] macvlan2: entered promiscuous mode
[ 3142.233969][T17613] bond0: entered promiscuous mode
[ 3142.239181][T17613] bond_slave_0: entered promiscuous mode
[ 3142.243484][T17607] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3142.245861][T17613] bond_slave_1: entered promiscuous mode
[ 3142.364501][ T4490] usbtouchscreen 2-1:0.214: probe with driver usbtouchscreen failed with error -71
[ 3142.377353][ T4490] usb 2-1: USB disconnect, device number 41
[ 3142.431042][T19077] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[ 3142.580912][ T4502] usb 5-1: new high-speed USB device number 113 using dummy_hcd
[ 3142.585336][T19077] usb 1-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=26.50
[ 3142.597928][T19077] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3142.606124][T19077] usb 1-1: Product: syz
[ 3142.610453][T19077] usb 1-1: Manufacturer: syz
[ 3142.615630][T19077] usb 1-1: SerialNumber: syz
[ 3142.622776][T19077] usb 1-1: config 0 descriptor??
[ 3142.631157][T19077] usb 1-1: Waiting for MOTU Microbook II to boot up...
[ 3142.638566][T19077] usb 1-1: failed setting the sample rate for Motu MicroBook II: -22
[ 3142.647028][T19077] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -22
[ 3142.740927][ T4502] usb 5-1: Using ep0 maxpacket: 8
[ 3142.747747][ T4502] usb 5-1: config 0 has an invalid interface number: 101 but max is 12
[ 3142.756323][ T4502] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 13
[ 3142.765502][ T4502] usb 5-1: config 0 has no interface number 0
[ 3142.771780][ T4502] usb 5-1: too many endpoints for config 0 interface 101 altsetting 115: 51, using maximum allowed: 30
[ 3142.783560][ T4502] usb 5-1: config 0 interface 101 altsetting 115 has 0 endpoint descriptors, different from the interface descriptor's value: 51
[ 3142.797145][ T4502] usb 5-1: config 0 interface 101 has no altsetting 0
[ 3142.806243][ T4502] usb 5-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[ 3142.815612][ T4502] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3142.823828][ T4502] usb 5-1: Product: syz
[ 3142.828010][ T4502] usb 5-1: Manufacturer: syz
[ 3142.832745][ T4502] usb 5-1: SerialNumber: syz
[ 3142.840056][ T4502] usb 5-1: config 0 descriptor??
[ 3142.863897][T17611] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3142.881742][T17611] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3143.057148][T19077] usb 1-1: USB disconnect, device number 58
[ 3143.066925][ T4502] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[ 3143.104379][   T10] hub 4-1:0.0: hub_hub_status failed (err = -71)
[ 3143.134262][   T10] hub 4-1:0.0: get_hub_status failed
[ 3143.175167][   T10] usb 4-1: USB disconnect, device number 3
[ 3143.870303][   T30] kauditd_printk_skb: 12 callbacks suppressed
[ 3143.870322][   T30] audit: type=1326 audit(1772033808.868:16632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17624 comm="syz.5.13257" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4748f9c629 code=0x0
[ 3144.048167][T17636] netlink: 28 bytes leftover after parsing attributes in process `syz.5.13257'.
[ 3144.300080][T17648] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13264'.
[ 3144.300474][ T4502] gspca_zc3xx: reg_w_i err -71
[ 3144.322772][T17648] macvlan2: entered promiscuous mode
[ 3144.328333][T17648] bond0: entered promiscuous mode
[ 3144.335325][T17648] bond_slave_0: entered promiscuous mode
[ 3144.342329][T17648] bond_slave_1: entered promiscuous mode
[ 3144.391455][T17653] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 3144.462458][T17657] FAULT_INJECTION: forcing a failure.
[ 3144.462458][T17657] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3144.475840][T17657] CPU: 1 UID: 0 PID: 17657 Comm: syz.1.13268 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3144.475870][T17657] Tainted: [L]=SOFTLOCKUP
[ 3144.475878][T17657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3144.475890][T17657] Call Trace:
[ 3144.475899][T17657]  <TASK>
[ 3144.475905][T17657]  dump_stack_lvl+0xe8/0x150
[ 3144.475925][T17657]  should_fail_ex+0x412/0x560
[ 3144.475941][T17657]  _copy_from_user+0x2d/0xb0
[ 3144.475960][T17657]  csum_and_copy_from_iter_full+0x1e7/0x1f00
[ 3144.476000][T17657]  ? __pfx_csum_and_copy_from_iter_full+0x10/0x10
[ 3144.476031][T17657]  ? rcu_is_watching+0x15/0xb0
[ 3144.476054][T17657]  ? trace_kmem_cache_alloc+0x29/0xf0
[ 3144.476082][T17657]  ip_generic_getfrag+0x149/0x2d0
[ 3144.476112][T17657]  ? __pfx_ip_generic_getfrag+0x10/0x10
[ 3144.476139][T17657]  ? __alloc_skb+0x4e5/0x7d0
[ 3144.476152][T17657]  ? skb_put+0x11b/0x210
[ 3144.476167][T17657]  __ip_append_data+0x3995/0x3f30
[ 3144.476190][T17657]  ? __pfx_raw_getfrag+0x10/0x10
[ 3144.476215][T17657]  ? __pfx___ip_append_data+0x10/0x10
[ 3144.476229][T17657]  ? ipv4_mtu+0x53b/0x650
[ 3144.476241][T17657]  ? ipv4_mtu+0x23/0x650
[ 3144.476262][T17657]  ? __pfx_ipv4_mtu+0x10/0x10
[ 3144.476274][T17657]  ? ip_setup_cork+0x57e/0xa50
[ 3144.476289][T17657]  ip_append_data+0x10d/0x190
[ 3144.476305][T17657]  ? __pfx_raw_getfrag+0x10/0x10
[ 3144.476319][T17657]  raw_sendmsg+0x14bb/0x1a50
[ 3144.476342][T17657]  ? __pfx_raw_sendmsg+0x10/0x10
[ 3144.476363][T17657]  ? aa_sk_perm+0x6d5/0x900
[ 3144.476378][T17657]  ? __pfx_aa_sk_perm+0x10/0x10
[ 3144.476388][T17657]  ? tomoyo_socket_sendmsg_permission+0x215/0x300
[ 3144.476404][T17657]  ? sock_rps_record_flow+0x19/0x400
[ 3144.476421][T17657]  ? inet_sendmsg+0x2f4/0x370
[ 3144.476435][T17657]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 3144.476448][T17657]  ____sys_sendmsg+0x894/0xad0
[ 3144.476468][T17657]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 3144.476488][T17657]  ? import_iovec+0x73/0xa0
[ 3144.476507][T17657]  ___sys_sendmsg+0x2a5/0x360
[ 3144.476524][T17657]  ? __pfx____sys_sendmsg+0x10/0x10
[ 3144.476555][T17657]  ? __fget_files+0x2a/0x420
[ 3144.476570][T17657]  ? __fget_files+0x3a0/0x420
[ 3144.476588][T17657]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 3144.476604][T17657]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 3144.476624][T17657]  ? __pfx_ksys_write+0x10/0x10
[ 3144.476648][T17657]  do_syscall_64+0x14d/0xf80
[ 3144.476675][T17657]  ? trace_irq_disable+0x3b/0x150
[ 3144.476699][T17657]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3144.476717][T17657]  ? clear_bhb_loop+0x40/0x90
[ 3144.476739][T17657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3144.476751][T17657] RIP: 0033:0x7ff226d9c629
[ 3144.476763][T17657] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 3144.476772][T17657] RSP: 002b:00007ff227ba8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3144.476785][T17657] RAX: ffffffffffffffda RBX: 00007ff227015fa0 RCX: 00007ff226d9c629
[ 3144.476793][T17657] RDX: 0000000000000000 RSI: 0000200000001000 RDI: 0000000000000004
[ 3144.476800][T17657] RBP: 00007ff227ba8090 R08: 0000000000000000 R09: 0000000000000000
[ 3144.476806][T17657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3144.476813][T17657] R13: 00007ff227016038 R14: 00007ff227015fa0 R15: 00007ff22713fa48
[ 3144.476829][T17657]  </TASK>
[ 3144.825427][T17616] syzkaller0: entered promiscuous mode
[ 3144.831170][T17616] syzkaller0: entered allmulticast mode
[ 3144.841326][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 3144.847667][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 3144.933792][ T4502] gspca_zc3xx: Unknown sensor - set to TAS5130C
[ 3144.941777][ T4502] gspca_zc3xx 5-1:0.101: probe with driver gspca_zc3xx failed with error -71
[ 3144.963211][ T4502] usb 5-1: USB disconnect, device number 113
[ 3144.970887][ T4490] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[ 3145.130731][ T4490] usb 4-1: Using ep0 maxpacket: 32
[ 3145.161239][ T4490] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[ 3145.169458][ T4490] usb 4-1: config 0 has no interface number 0
[ 3145.194453][ T4490] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 3145.207134][ T4490] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 3145.227084][T17675] xt_hashlimit: max too large, truncated to 1048576
[ 3145.234448][ T4490] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3145.249573][ T4490] usb 4-1: Product: syz
[ 3145.267114][ T4490] usb 4-1: Manufacturer: syz
[ 3145.301918][ T4490] usb 4-1: SerialNumber: syz
[ 3145.310095][ T4490] usb 4-1: config 0 descriptor??
[ 3145.332400][T17677] FAULT_INJECTION: forcing a failure.
[ 3145.332400][T17677] name failslab, interval 1, probability 0, space 0, times 0
[ 3145.333216][ T4490] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 3145.356333][ T4490] em28xx 4-1:0.132: Video interface 132 found:
[ 3145.372032][T17677] CPU: 0 UID: 0 PID: 17677 Comm: syz.1.13273 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3145.372056][T17677] Tainted: [L]=SOFTLOCKUP
[ 3145.372064][T17677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3145.372076][T17677] Call Trace:
[ 3145.372084][T17677]  <TASK>
[ 3145.372093][T17677]  dump_stack_lvl+0xe8/0x150
[ 3145.372125][T17677]  should_fail_ex+0x412/0x560
[ 3145.372146][T17677]  should_failslab+0xa8/0x100
[ 3145.372161][T17677]  __kmalloc_cache_noprof+0x88/0x660
[ 3145.372172][T17677]  ? snd_pcm_hw_param_near+0x7f/0x4d0
[ 3145.372188][T17677]  snd_pcm_hw_param_near+0x7f/0x4d0
[ 3145.372211][T17677]  ? __asan_memset+0x22/0x50
[ 3145.372245][T17677]  snd_pcm_oss_change_params_locked+0x1f86/0x3e00
[ 3145.372290][T17677]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[ 3145.372315][T17677]  snd_pcm_oss_write+0x27c/0xbd0
[ 3145.372332][T17677]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[ 3145.372345][T17677]  vfs_write+0x29a/0xb90
[ 3145.372371][T17677]  ? __pfx_vfs_write+0x10/0x10
[ 3145.372393][T17677]  ? __fget_files+0x2a/0x420
[ 3145.372421][T17677]  ? __fget_files+0x2a/0x420
[ 3145.372441][T17677]  ? __fget_files+0x3a0/0x420
[ 3145.372456][T17677]  ? __fget_files+0x2a/0x420
[ 3145.372474][T17677]  ksys_write+0x150/0x270
[ 3145.372486][T17677]  ? __pfx_ksys_write+0x10/0x10
[ 3145.372507][T17677]  do_syscall_64+0x14d/0xf80
[ 3145.372535][T17677]  ? trace_irq_disable+0x3b/0x150
[ 3145.372561][T17677]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3145.372580][T17677]  ? clear_bhb_loop+0x40/0x90
[ 3145.372594][T17677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3145.372604][T17677] RIP: 0033:0x7ff226d9c629
[ 3145.372615][T17677] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 3145.372624][T17677] RSP: 002b:00007ff227ba8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 3145.372636][T17677] RAX: ffffffffffffffda RBX: 00007ff227015fa0 RCX: 00007ff226d9c629
[ 3145.372645][T17677] RDX: 0000000000088020 RSI: 0000200000002000 RDI: 0000000000000003
[ 3145.372656][T17677] RBP: 00007ff227ba8090 R08: 0000000000000000 R09: 0000000000000000
[ 3145.372667][T17677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3145.372679][T17677] R13: 00007ff227016038 R14: 00007ff227015fa0 R15: 00007ff22713fa48
[ 3145.372708][T17677]  </TASK>
[ 3145.735288][T17684] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13276'.
[ 3145.753363][T17684] macvlan3: entered promiscuous mode
[ 3145.845983][ T4490] em28xx 4-1:0.132: unknown em28xx chip ID (0)
[ 3146.040847][ T4502] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[ 3146.193046][ T4502] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[ 3146.209249][ T4502] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[ 3146.222755][ T4502] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[ 3146.238013][ T4502] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 3146.247355][ T4502] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3146.255477][ T4502] usb 2-1: Product: syz
[ 3146.259702][ T4502] usb 2-1: Manufacturer: syz
[ 3146.265698][ T4490] em28xx 4-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5)
[ 3146.278957][ T4502] usb 2-1: SerialNumber: syz
[ 3146.285149][ T4490] em28xx 4-1:0.132: board has no eeprom
[ 3146.293304][ T4502] usb 2-1: config 0 descriptor??
[ 3146.298934][T17688] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 3146.318036][T17688] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 3146.333405][ T4502] usb 2-1: ucan: probing device on interface #0
[ 3146.380869][ T4490] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 3146.388851][ T4490] em28xx 4-1:0.132: analog set to bulk mode.
[ 3146.395871][ T4492] em28xx 4-1:0.132: Registering V4L2 extension
[ 3146.462381][T19077] usb 6-1: new high-speed USB device number 74 using dummy_hcd
[ 3146.566408][T17650] netlink: 'syz.3.13265': attribute type 10 has an invalid length.
[ 3146.579002][T17650] team0: Port device dummy0 added
[ 3146.587923][T17650] netlink: 'syz.3.13265': attribute type 10 has an invalid length.
[ 3146.600837][ T4490] usb 5-1: new high-speed USB device number 114 using dummy_hcd
[ 3146.601296][T17650] team0: Failed to send port change of device dummy0 via netlink (err -105)
[ 3146.631088][T19077] usb 6-1: Using ep0 maxpacket: 32
[ 3146.640917][T17695] netlink: zone id is out of range
[ 3146.646159][T17695] netlink: zone id is out of range
[ 3146.654399][T19077] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[ 3146.671400][T19077] usb 6-1: config 0 has no interface number 0
[ 3146.678047][T17695] netlink: zone id is out of range
[ 3146.686165][T17695] netlink: zone id is out of range
[ 3146.694342][T19077] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 3146.704381][T17650] team0: Failed to send options change via netlink (err -105)
[ 3146.712299][T19077] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3146.720527][T19077] usb 6-1: Product: syz
[ 3146.725185][T17695] netlink: zone id is out of range
[ 3146.730983][T17695] netlink: zone id is out of range
[ 3146.736223][T17695] netlink: zone id is out of range
[ 3146.742495][T17650] team0: Failed to send port change of device dummy0 via netlink (err -105)
[ 3146.751370][T19077] usb 6-1: Manufacturer: syz
[ 3146.755985][T19077] usb 6-1: SerialNumber: syz
[ 3146.761020][ T4490] usb 5-1: device descriptor read/64, error -71
[ 3146.762842][T17650] team0: Port device dummy0 removed
[ 3146.774188][T17695] netlink: zone id is out of range
[ 3146.782886][T19077] usb 6-1: config 0 descriptor??
[ 3146.790578][T17695] netlink: zone id is out of range
[ 3146.801236][T17650] bond0: (slave dummy0): Enslaving as an active interface with an up link
[ 3146.877832][ T4492] em28xx 4-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[ 3146.903423][ T4500] usb 4-1: USB disconnect, device number 4
[ 3146.931154][T17695] netlink: 'syz.1.13278': attribute type 1 has an invalid length.
[ 3146.933455][ T4492] em28xx 4-1:0.132: failed to trigger read from i2c address 0x48 (error=-5)
[ 3146.950217][ T4500] em28xx 4-1:0.132: Disconnecting em28xx
[ 3147.010867][ T4490] usb 5-1: new high-speed USB device number 115 using dummy_hcd
[ 3147.050650][ T4492] em28xx 4-1:0.132: Config register raw data: 0xffffffed
[ 3147.057787][ T4492] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[ 3147.089965][ T4492] em28xx 4-1:0.132: No AC97 audio processor
[ 3147.107088][T17708] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13283'.
[ 3147.109717][ T4492] usb 4-1: Decoder not found
[ 3147.118102][T17708] FAULT_INJECTION: forcing a failure.
[ 3147.118102][T17708] name failslab, interval 1, probability 0, space 0, times 0
[ 3147.134262][ T4492] em28xx 4-1:0.132: failed to create media graph
[ 3147.136106][T17708] CPU: 0 UID: 0 PID: 17708 Comm: syz.0.13283 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3147.136136][T17708] Tainted: [L]=SOFTLOCKUP
[ 3147.136143][T17708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3147.136155][T17708] Call Trace:
[ 3147.136163][T17708]  <TASK>
[ 3147.136171][T17708]  dump_stack_lvl+0xe8/0x150
[ 3147.136206][T17708]  should_fail_ex+0x412/0x560
[ 3147.136230][T17708]  ? __d_alloc+0x37/0x6f0
[ 3147.136258][T17708]  should_failslab+0xa8/0x100
[ 3147.136282][T17708]  kmem_cache_alloc_lru_noprof+0x87/0x640
[ 3147.136326][T17708]  __d_alloc+0x37/0x6f0
[ 3147.136359][T17708]  d_alloc+0x4b/0x190
[ 3147.136384][T17708]  ? lookup_one_qstr_excl+0xc8/0x360
[ 3147.136412][T17708]  lookup_one_qstr_excl+0xdc/0x360
[ 3147.136437][T17708]  ? lookup_noperm_common+0x245/0x430
[ 3147.136465][T17708]  start_dirop+0x5c/0x90
[ 3147.136506][T17708]  simple_start_creating+0xcc/0x110
[ 3147.136533][T17708]  ? __pfx_simple_start_creating+0x10/0x10
[ 3147.136559][T17708]  ? do_raw_spin_unlock+0xf5/0x210
[ 3147.136579][T17708]  ? mntput+0x65/0xc0
[ 3147.136605][T17708]  debugfs_start_creating+0xdb/0x1a0
[ 3147.136631][T17708]  __debugfs_create_file+0x6f/0x400
[ 3147.136659][T17708]  debugfs_create_file_full+0x3f/0x60
[ 3147.136687][T17708]  ref_tracker_dir_debugfs+0x197/0x360
[ 3147.136710][T17708]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[ 3147.136757][T17708]  ? __kvmalloc_node_noprof+0x545/0x8a0
[ 3147.136786][T17708]  ? alloc_netdev_mqs+0xa6/0x11b0
[ 3147.136809][T17708]  ? __raw_spin_lock_init+0x45/0x100
[ 3147.136830][T17708]  alloc_netdev_mqs+0x272/0x11b0
[ 3147.136848][T17708]  ? __pfx_br_dev_setup+0x10/0x10
[ 3147.136876][T17708]  rtnl_create_link+0x31f/0xd70
[ 3147.136902][T17708]  rtnl_newlink_create+0x277/0xb70
[ 3147.136927][T17708]  ? __pfx___nla_validate_parse+0x10/0x10
[ 3147.136961][T17708]  ? __pfx_rtnl_newlink_create+0x10/0x10
[ 3147.136989][T17708]  ? __pfx___mutex_lock+0x10/0x10
[ 3147.137017][T17708]  ? ns_capable+0x89/0xe0
[ 3147.137044][T17708]  rtnl_newlink+0x1666/0x1be0
[ 3147.137081][T17708]  ? __pfx_rtnl_newlink+0x10/0x10
[ 3147.137112][T17708]  ? __lock_acquire+0x6b5/0x2cf0
[ 3147.137141][T17708]  ? __lock_acquire+0x6b5/0x2cf0
[ 3147.137165][T17708]  ? __lock_acquire+0x6b5/0x2cf0
[ 3147.137198][T17708]  ? unwind_next_frame+0xa5/0x23c0
[ 3147.137246][T17708]  ? __lock_acquire+0x6b5/0x2cf0
[ 3147.137271][T17708]  ? is_bpf_text_address+0x26/0x2b0
[ 3147.137303][T17708]  ? kernel_text_address+0xa5/0xe0
[ 3147.137349][T17708]  ? __pfx_rtnl_newlink+0x10/0x10
[ 3147.137371][T17708]  rtnetlink_rcv_msg+0x7d5/0xbe0
[ 3147.137397][T17708]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 3147.137420][T17708]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 3147.137446][T17708]  ? __lock_acquire+0x6b5/0x2cf0
[ 3147.137478][T17708]  netlink_rcv_skb+0x232/0x4b0
[ 3147.137501][T17708]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 3147.137525][T17708]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 3147.137557][T17708]  ? netlink_deliver_tap+0x2e/0x1b0
[ 3147.137586][T17708]  netlink_unicast+0x80f/0x9b0
[ 3147.137613][T17708]  ? __pfx_netlink_unicast+0x10/0x10
[ 3147.137635][T17708]  ? netlink_sendmsg+0x650/0xb40
[ 3147.137655][T17708]  ? skb_put+0x11b/0x210
[ 3147.137695][T17708]  netlink_sendmsg+0x813/0xb40
[ 3147.137726][T17708]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3147.137752][T17708]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 3147.137774][T17708]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 3147.137797][T17708]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3147.137818][T17708]  ____sys_sendmsg+0xa68/0xad0
[ 3147.137853][T17708]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 3147.137887][T17708]  ? import_iovec+0x73/0xa0
[ 3147.137915][T17708]  ___sys_sendmsg+0x2a5/0x360
[ 3147.137946][T17708]  ? __pfx____sys_sendmsg+0x10/0x10
[ 3147.138004][T17708]  ? __fget_files+0x2a/0x420
[ 3147.138028][T17708]  ? __fget_files+0x3a0/0x420
[ 3147.138141][T17708]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 3147.138188][T17708]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 3147.138219][T17708]  ? __pfx_ksys_write+0x10/0x10
[ 3147.138247][T17708]  do_syscall_64+0x14d/0xf80
[ 3147.138275][T17708]  ? trace_irq_disable+0x3b/0x150
[ 3147.138302][T17708]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3147.138322][T17708]  ? clear_bhb_loop+0x40/0x90
[ 3147.138344][T17708]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3147.138364][T17708] RIP: 0033:0x7f64f459c629
[ 3147.138386][T17708] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 3147.138403][T17708] RSP: 002b:00007f64f54ea028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3147.138425][T17708] RAX: ffffffffffffffda RBX: 00007f64f4815fa0 RCX: 00007f64f459c629
[ 3147.138439][T17708] RDX: 0000000020040040 RSI: 0000200000000200 RDI: 0000000000000003
[ 3147.138451][T17708] RBP: 00007f64f54ea090 R08: 0000000000000000 R09: 0000000000000000
[ 3147.138463][T17708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3147.138475][T17708] R13: 00007f64f4816038 R14: 00007f64f4815fa0 R15: 00007f64f493fa48
[ 3147.138504][T17708]  </TASK>
[ 3147.265063][T19077] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 3147.269853][ T4490] usb 5-1: device descriptor read/64, error -71
[ 3147.320772][T19077] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 3147.336899][ T4492] em28xx 4-1:0.132: V4L2 device video103 deregistered
[ 3147.675404][T17711] xt_hashlimit: max too large, truncated to 1048576
[ 3147.711846][ T4490] usb usb5-port1: attempt power cycle
[ 3147.722282][ T4492] em28xx 4-1:0.132: Remote control support is not available for this card.
[ 3147.731495][ T4500] em28xx 4-1:0.132: Closing input extension
[ 3147.737117][T17709] ==================================================================
[ 3147.745470][T17709] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xac/0x420
[ 3147.752835][T17709] Read of size 8 at addr ffff88803401c748 by task v4l_id/17709
[ 3147.760364][T17709] 
[ 3147.762690][T17709] CPU: 0 UID: 0 PID: 17709 Comm: v4l_id Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3147.762718][T17709] Tainted: [L]=SOFTLOCKUP
[ 3147.762724][T17709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3147.762736][T17709] Call Trace:
[ 3147.762744][T17709]  <TASK>
[ 3147.762752][T17709]  dump_stack_lvl+0xe8/0x150
[ 3147.762782][T17709]  print_report+0xba/0x230
[ 3147.762802][T17709]  ? v4l2_fh_open+0xac/0x420
[ 3147.762817][T17709]  kasan_report+0x117/0x150
[ 3147.762837][T17709]  ? v4l2_fh_open+0xac/0x420
[ 3147.762856][T17709]  v4l2_fh_open+0xac/0x420
[ 3147.762874][T17709]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 3147.762903][T17709]  em28xx_v4l2_open+0x157/0x9a0
[ 3147.762925][T17709]  ? do_raw_spin_lock+0x12b/0x2f0
[ 3147.762944][T17709]  v4l2_open+0x1bf/0x3a0
[ 3147.762961][T17709]  chrdev_open+0x4cd/0x5e0
[ 3147.762979][T17709]  ? __pfx_chrdev_open+0x10/0x10
[ 3147.762996][T17709]  ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[ 3147.763026][T17709]  ? __pfx_chrdev_open+0x10/0x10
[ 3147.763053][T17709]  do_dentry_open+0x785/0x14e0
[ 3147.763079][T17709]  vfs_open+0x3b/0x340
[ 3147.763097][T17709]  ? path_openat+0x2df0/0x3860
[ 3147.763114][T17709]  path_openat+0x2e08/0x3860
[ 3147.763136][T17709]  ? __pfx_stack_trace_save+0x10/0x10
[ 3147.763156][T17709]  ? stack_depot_save_flags+0x33/0x810
[ 3147.763181][T17709]  ? __pfx_path_openat+0x10/0x10
[ 3147.763198][T17709]  ? __x64_sys_openat+0x138/0x170
[ 3147.763222][T17709]  ? do_syscall_64+0x14d/0xf80
[ 3147.763247][T17709]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3147.763270][T17709]  ? __lock_acquire+0x6b5/0x2cf0
[ 3147.763294][T17709]  do_file_open+0x23e/0x4a0
[ 3147.763314][T17709]  ? __pfx_do_file_open+0x10/0x10
[ 3147.763341][T17709]  ? _raw_spin_unlock+0x28/0x50
[ 3147.763361][T17709]  ? alloc_fd+0x64b/0x6c0
[ 3147.763387][T17709]  do_sys_openat2+0x113/0x200
[ 3147.763412][T17709]  ? __pfx_do_sys_openat2+0x10/0x10
[ 3147.763433][T17709]  ? exc_page_fault+0x6a/0xc0
[ 3147.763458][T17709]  ? do_user_addr_fault+0xc6f/0x1340
[ 3147.763480][T17709]  __x64_sys_openat+0x138/0x170
[ 3147.763503][T17709]  do_syscall_64+0x14d/0xf80
[ 3147.763526][T17709]  ? trace_irq_disable+0x3b/0x150
[ 3147.763552][T17709]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3147.763569][T17709]  ? clear_bhb_loop+0x40/0x90
[ 3147.763589][T17709]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3147.763607][T17709] RIP: 0033:0x7f6d024a7407
[ 3147.763623][T17709] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 3147.763638][T17709] RSP: 002b:00007ffc28b67180 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 3147.763657][T17709] RAX: ffffffffffffffda RBX: 00007f6d02c45880 RCX: 00007f6d024a7407
[ 3147.763670][T17709] RDX: 0000000000000000 RSI: 00007ffc28b67f1a RDI: ffffffffffffff9c
[ 3147.763683][T17709] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 3147.763694][T17709] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 3147.763704][T17709] R13: 00007ffc28b673d0 R14: 00007f6d02dac000 R15: 000055a7c43044d8
[ 3147.763724][T17709]  </TASK>
[ 3147.763731][T17709] 
[ 3148.065103][T17709] Allocated by task 4492:
[ 3148.069426][T17709]  kasan_save_track+0x3e/0x80
[ 3148.074095][T17709]  __kasan_kmalloc+0x93/0xb0
[ 3148.078673][T17709]  __kmalloc_cache_noprof+0x31c/0x660
[ 3148.084053][T17709]  em28xx_v4l2_init+0x10b/0x2e70
[ 3148.089003][T17709]  em28xx_init_extension+0x120/0x1c0
[ 3148.094402][T17709]  process_scheduled_works+0xb02/0x1830
[ 3148.099957][T17709]  worker_thread+0xa50/0xfc0
[ 3148.104563][T17709]  kthread+0x388/0x470
[ 3148.108637][T17709]  ret_from_fork+0x51e/0xb90
[ 3148.113229][T17709]  ret_from_fork_asm+0x1a/0x30
[ 3148.117992][T17709] 
[ 3148.120308][T17709] Freed by task 4492:
[ 3148.124276][T17709]  kasan_save_track+0x3e/0x80
[ 3148.128947][T17709]  kasan_save_free_info+0x46/0x50
[ 3148.133975][T17709]  __kasan_slab_free+0x5c/0x80
[ 3148.138737][T17709]  kfree+0x1c1/0x630
[ 3148.142635][T17709]  em28xx_v4l2_init+0x1683/0x2e70
[ 3148.147743][T17709]  em28xx_init_extension+0x120/0x1c0
[ 3148.153018][T17709]  process_scheduled_works+0xb02/0x1830
[ 3148.158648][T17709]  worker_thread+0xa50/0xfc0
[ 3148.163239][T17709]  kthread+0x388/0x470
[ 3148.167323][T17709]  ret_from_fork+0x51e/0xb90
[ 3148.171913][T17709]  ret_from_fork_asm+0x1a/0x30
[ 3148.176679][T17709] 
[ 3148.178993][T17709] The buggy address belongs to the object at ffff88803401c000
[ 3148.178993][T17709]  which belongs to the cache kmalloc-8k of size 8192
[ 3148.193040][T17709] The buggy address is located 1864 bytes inside of
[ 3148.193040][T17709]  freed 8192-byte region [ffff88803401c000, ffff88803401e000)
[ 3148.207008][T17709] 
[ 3148.209328][T17709] The buggy address belongs to the physical page:
[ 3148.215742][T17709] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34018
[ 3148.224510][T17709] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 3148.233003][T17709] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 3148.240553][T17709] page_type: f5(slab)
[ 3148.244630][T17709] raw: 00fff00000000040 ffff88813fea9280 dead000000000100 dead000000000122
[ 3148.253217][T17709] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 3148.261814][T17709] head: 00fff00000000040 ffff88813fea9280 dead000000000100 dead000000000122
[ 3148.270478][T17709] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 3148.279141][T17709] head: 00fff00000000003 ffffea0000d00601 00000000ffffffff 00000000ffffffff
[ 3148.287803][T17709] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 3148.296460][T17709] page dumped because: kasan: bad access detected
[ 3148.302877][T17709] page_owner tracks the page as allocated
[ 3148.308577][T17709] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 11556, tgid 11541 (syz.4.1523), ts 566897487363, free_ts 560637923229
[ 3148.330120][T17709]  post_alloc_hook+0x231/0x280
[ 3148.334887][T17709]  get_page_from_freelist+0x24dc/0x2580
[ 3148.340438][T17709]  __alloc_frozen_pages_noprof+0x18d/0x380
[ 3148.346245][T17709]  allocate_slab+0x77/0x660
[ 3148.350749][T17709]  refill_objects+0x331/0x3c0
[ 3148.355453][T17709]  __pcs_replace_empty_main+0x2b9/0x620
[ 3148.360999][T17709]  __kmalloc_noprof+0x474/0x760
[ 3148.365840][T17709]  ops_init+0x7b/0x5c0
[ 3148.369996][T17709]  setup_net+0x118/0x340
[ 3148.374239][T17709]  copy_net_ns+0x50e/0x730
[ 3148.378735][T17709]  create_new_namespaces+0x3e7/0x6a0
[ 3148.384017][T17709]  unshare_nsproxy_namespaces+0x11a/0x160
[ 3148.389732][T17709]  ksys_unshare+0x4f4/0x900
[ 3148.394236][T17709]  __x64_sys_unshare+0x38/0x50
[ 3148.398998][T17709]  do_syscall_64+0x14d/0xf80
[ 3148.403586][T17709]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3148.409558][T17709] page last free pid 11482 tgid 11482 stack trace:
[ 3148.416042][T17709]  __free_frozen_pages+0xc2b/0xdb0
[ 3148.421148][T17709]  __slab_free+0x263/0x2b0
[ 3148.425557][T17709]  qlist_free_all+0x97/0x100
[ 3148.430141][T17709]  kasan_quarantine_reduce+0x148/0x160
[ 3148.435597][T17709]  __kasan_slab_alloc+0x22/0x80
[ 3148.440475][T17709]  kmem_cache_alloc_noprof+0x2bc/0x650
[ 3148.445939][T17709]  vm_area_dup+0x2b/0x680
[ 3148.450265][T17709]  __split_vma+0x1dc/0xa40
[ 3148.454681][T17709]  vma_modify+0x91b/0x2060
[ 3148.459089][T17709]  vma_modify_flags+0x24b/0x330
[ 3148.464022][T17709]  mprotect_fixup+0x47a/0xa80
[ 3148.468694][T17709]  do_mprotect_pkey+0x8ab/0xcd0
[ 3148.473550][T17709]  __x64_sys_mprotect+0x80/0x90
[ 3148.478392][T17709]  do_syscall_64+0x14d/0xf80
[ 3148.482979][T17709]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3148.488871][T17709] 
[ 3148.491271][T17709] Memory state around the buggy address:
[ 3148.496898][T17709]  ffff88803401c600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3148.505040][T17709]  ffff88803401c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3148.513093][T17709] >ffff88803401c700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3148.521140][T17709]                                               ^
[ 3148.527542][T17709]  ffff88803401c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3148.535592][T17709]  ffff88803401c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3148.543650][T17709] ==================================================================
[ 3148.561297][ T4502] ucan 2-1:0.0: probe with driver ucan failed with error -110
[ 3148.590157][T19077] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[ 3148.601885][T19077] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -61
[ 3148.613985][ T4490] usb 5-1: new high-speed USB device number 116 using dummy_hcd
[ 3148.618481][T17709] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 3148.618509][T17709] CPU: 0 UID: 0 PID: 17709 Comm: v4l_id Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 3148.618536][T17709] Tainted: [L]=SOFTLOCKUP
[ 3148.618544][T17709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 3148.618556][T17709] Call Trace:
[ 3148.618564][T17709]  <TASK>
[ 3148.618573][T17709]  vpanic+0x56c/0xa60
[ 3148.618604][T17709]  ? __pfx_vpanic+0x10/0x10
[ 3148.618632][T17709]  panic+0xc5/0xd0
[ 3148.618655][T17709]  ? __pfx_panic+0x10/0x10
[ 3148.618678][T17709]  ? preempt_schedule_thunk+0x16/0x30
[ 3148.618700][T17709]  ? preempt_schedule_thunk+0x16/0x30
[ 3148.618720][T17709]  ? v4l2_fh_open+0xac/0x420
[ 3148.618738][T17709]  check_panic_on_warn+0x89/0xb0
[ 3148.618758][T17709]  ? v4l2_fh_open+0xac/0x420
[ 3148.618774][T17709]  end_report+0x73/0x180
[ 3148.618795][T17709]  ? v4l2_fh_open+0xac/0x420
[ 3148.618812][T17709]  kasan_report+0x128/0x150
[ 3148.618832][T17709]  ? v4l2_fh_open+0xac/0x420
[ 3148.618853][T17709]  v4l2_fh_open+0xac/0x420
[ 3148.618871][T17709]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 3148.618901][T17709]  em28xx_v4l2_open+0x157/0x9a0
[ 3148.618925][T17709]  ? do_raw_spin_lock+0x12b/0x2f0
[ 3148.618947][T17709]  v4l2_open+0x1bf/0x3a0
[ 3148.618966][T17709]  chrdev_open+0x4cd/0x5e0
[ 3148.618989][T17709]  ? __pfx_chrdev_open+0x10/0x10
[ 3148.619009][T17709]  ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[ 3148.619039][T17709]  ? __pfx_chrdev_open+0x10/0x10
[ 3148.619059][T17709]  do_dentry_open+0x785/0x14e0
[ 3148.619087][T17709]  vfs_open+0x3b/0x340
[ 3148.619108][T17709]  ? path_openat+0x2df0/0x3860
[ 3148.619127][T17709]  path_openat+0x2e08/0x3860
[ 3148.619150][T17709]  ? __pfx_stack_trace_save+0x10/0x10
[ 3148.619170][T17709]  ? stack_depot_save_flags+0x33/0x810
[ 3148.619195][T17709]  ? __pfx_path_openat+0x10/0x10
[ 3148.619219][T17709]  ? __x64_sys_openat+0x138/0x170
[ 3148.619242][T17709]  ? do_syscall_64+0x14d/0xf80
[ 3148.619267][T17709]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3148.619290][T17709]  ? __lock_acquire+0x6b5/0x2cf0
[ 3148.619315][T17709]  do_file_open+0x23e/0x4a0
[ 3148.619334][T17709]  ? __pfx_do_file_open+0x10/0x10
[ 3148.619361][T17709]  ? _raw_spin_unlock+0x28/0x50
[ 3148.619383][T17709]  ? alloc_fd+0x64b/0x6c0
[ 3148.619410][T17709]  do_sys_openat2+0x113/0x200
[ 3148.619435][T17709]  ? __pfx_do_sys_openat2+0x10/0x10
[ 3148.619459][T17709]  ? exc_page_fault+0x6a/0xc0
[ 3148.619485][T17709]  ? do_user_addr_fault+0xc6f/0x1340
[ 3148.619513][T17709]  __x64_sys_openat+0x138/0x170
[ 3148.619539][T17709]  do_syscall_64+0x14d/0xf80
[ 3148.619564][T17709]  ? trace_irq_disable+0x3b/0x150
[ 3148.619589][T17709]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3148.619608][T17709]  ? clear_bhb_loop+0x40/0x90
[ 3148.619628][T17709]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3148.619647][T17709] RIP: 0033:0x7f6d024a7407
[ 3148.619665][T17709] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 3148.619681][T17709] RSP: 002b:00007ffc28b67180 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 3148.619703][T17709] RAX: ffffffffffffffda RBX: 00007f6d02c45880 RCX: 00007f6d024a7407
[ 3148.619717][T17709] RDX: 0000000000000000 RSI: 00007ffc28b67f1a RDI: ffffffffffffff9c
[ 3148.619731][T17709] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 3148.619743][T17709] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 3148.619755][T17709] R13: 00007ffc28b673d0 R14: 00007f6d02dac000 R15: 000055a7c43044d8
[ 3148.619776][T17709]  </TASK>
[ 3148.622186][T17709] Kernel Offset: disabled