last executing test programs:

9.627583092s ago: executing program 0 (id=165):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x18d7, &(0x7f0000000040)={0x0, 0x0, 0x80, 0x0, 0x25b}, 0x0, &(0x7f0000ffe000))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000000c0), 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x20000000)
r3 = socket(0x21, 0x1, 0xfa)
getsockname$inet(r3, 0x0, &(0x7f0000002280))
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x0, 0x3, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000200)={0x6, 0x1, 0x4})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000029f8000000000000"], 0x48)
unshare(0x62040200)
syz_usb_connect(0x0, 0x4a, &(0x7f0000000080)=ANY=[@ANYBLOB="120100005520f010402038b14201040000010902"], 0x0)
r4 = socket$inet6(0xa, 0x800000000000002, 0x0)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r6, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r5, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r6, 0x0, <r7=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r5, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r7, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r5, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r7, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x3d3b4e})
ioctl$IOMMU_IOAS_UNMAP$ALL(r5, 0x3b86, &(0x7f0000000240)={0x18, r6})
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r4, 0x29, 0x41, &(0x7f0000000440)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000040000000000541d0000436f18b500"/101], 0x68)
fsopen(&(0x7f0000000000)='f2fs\x00', 0x0)

7.206016063s ago: executing program 1 (id=170):
r0 = socket(0x10, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'ip6tnl0\x00', 0x0, 0x0, 0xff, 0x64, 0x7, 0x0, @mcast2, @private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x8000, 0xfffffffe}}) (fail_nth: 1)

7.19923173s ago: executing program 1 (id=174):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(0xffffffffffffffff, 0xf504, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2000, 0x0)
sendmsg$ETHTOOL_MSG_RINGS_SET(r3, &(0x7f00000004c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000003c0)={&(0x7f0000000500)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0800b9bd7000ffdbd23e0c1255e0be7327a06379de950a100000000000080007000200000024298c7494b12adaa4dbff624f50"], 0x24}, 0x1, 0x0, 0x0, 0x20008040}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x7}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x4000)
r7 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r8 = syz_io_uring_setup(0x111, &(0x7f0000000140)={0x0, 0x334e, 0x10, 0x4, 0x312}, &(0x7f00000029c0)=<r9=>0x0, &(0x7f0000000300)=<r10=>0x0)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7})
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$UHID_CREATE2(r11, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r11, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f0000000000)=@IORING_OP_FILES_UPDATE={0x14, 0x10, 0x0, 0x0, 0xfff, 0x0})
io_uring_enter(r8, 0x7277, 0x0, 0x28, 0x0, 0x0)
syz_usb_disconnect(r7)

7.197663788s ago: executing program 4 (id=175):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
write$dsp(r0, &(0x7f00000012c0)="a5", 0x1)
read$dsp(r1, &(0x7f0000001380)=""/229, 0xe5) (fail_nth: 14)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x7, 0x0, 0x20000000, 0x0, 0x1, 0x900, 0x0, 0x401, 0x2}})

6.538619961s ago: executing program 2 (id=176):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r3 = socket$kcm(0x10, 0x3, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0)
syz_80211_join_ibss(&(0x7f0000000100)='wlan1\x00', 0x0, 0x0, 0x2)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x28, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x7ff, 0x78}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)
openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)

6.401335285s ago: executing program 4 (id=177):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x3e, 0x208604)
r1 = syz_usb_connect$cdc_ecm(0x0, 0x5e, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0)
syz_usb_disconnect(r1)
syz_usb_disconnect(r0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r2, &(0x7f0000000480)=""/74, 0x4a)
syz_usb_disconnect(r1)

6.298573199s ago: executing program 2 (id=178):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0xa)
r3 = dup(r2)
r4 = socket(0x2, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x0, &(0x7f0000000080)}, 0x10)
syz_emit_ethernet(0x3e, &(0x7f0000000a00)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @generic={0x7, 0x6, "8ab8c8", 0x8, 0x0, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x12}, {[@dstopts={0x6}]}}}}}, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r5, 0x84, 0x10, &(0x7f0000000080)=@assoc_value, 0x8)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r5, 0x84, 0x10, &(0x7f0000000000)=@sack_info={0x0, 0x10009, 0x9}, &(0x7f0000000140)=0xc)
r6 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c)
ftruncate(r6, 0x200004)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000180)={'vxcan1\x00', <r8=>0x0})
sendmsg$can_j1939(r3, &(0x7f00000004c0)={&(0x7f00000001c0)={0x1d, r8, 0x3, {0x0, 0x1, 0x3}, 0xff}, 0x18, &(0x7f0000000200)={&(0x7f0000000400)="0abf74ac14f876a4b564679f7e38407a5f4b101d982620682c313cab7f4b832186772f04b542009492e044e2a1eb5cce8ff17395e49cc2484f9124f41e99bde147f9a08e57864a8d3ea946c1dbc702b22e2ac2f1c967c5a5865dce8e7e58eb6866141ebdba4d34681f7e151d2abd4097283a8dc139361212b9574d3fd5682d30dbc9b499a1d63a40f6b1d3e271ce6e6ee93577eb48884795377abcf4ffc99eaf198066b2430e3428e86323d4aa44d18be5e527", 0xb3}, 0x1, 0x0, 0x0, 0x40}, 0x400c807)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x12, &(0x7f0000000500)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x2b2b694d, 0x0, 0x0, 0x0, 0x7f}, @call={0x85, 0x0, 0x0, 0x85}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r9, 0xfca804a0, 0x0, 0x8, 0x0, &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
write$apparmor_exec(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="0300e40000000000"], 0x8)
r10 = socket$nl_rdma(0x10, 0x3, 0x14)
r11 = dup(r10)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1800000011146d7700000000000000e407004b"], 0x18}}, 0x8000)
sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f0000000740)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000700)={&(0x7f0000000600)={0xcc, 0x0, 0x800, 0x70bd25, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DEST={0x48, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x7}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x397}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x9}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xa}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xc}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x9}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}]}, 0xcc}, 0x1, 0x0, 0x0, 0x800}, 0x20000801)
sendfile(r3, r6, 0x0, 0x80001d00c0d1)

5.78033306s ago: executing program 1 (id=179):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="8500000003000000d4000000200000009502000000000000"], &(0x7f0000000240)='GPL\x00', 0x1, 0x14, &(0x7f0000000280)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60}, 0x48)
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00', <r4=>0x0})
bind$packet(r3, &(0x7f0000000140)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @remote}, 0x14)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00')
socketpair(0x1e, 0x80005, 0x0, 0x0)
socket$kcm(0x2, 0xa, 0x2)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
preadv(r5, &(0x7f00000001c0)=[{&(0x7f0000000680)=""/212, 0xd4}], 0x1, 0xc, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f0000000c00)=0x4)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r7, 0x84, 0xc, &(0x7f00000001c0), 0x4)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={<r8=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r7, 0x84, 0x6d, &(0x7f0000000240)={r8, 0x20, "d656c9a61490b7e8773ca55437fa234c0170c8cbe5ebdd2be9"}, &(0x7f0000000180)=0xfc86)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_GET_ADDR(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000c40)={0x14, r9, 0x2, 0x70bd2b, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0xc001}, 0x24004035)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b7000000ff000003bfa30000000000000703000000feffff620af0fff8ffffff71a4f0ff0000000015040200000000001d400200000000004704000001ed000062030000000000001d440000000000007a0a00fe00ffffffdb030000a0000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa5b4e377184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7592566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6cb5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
syz_usb_connect(0x0, 0x48, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000183b9220b11342002b58010203010902360002000000000904ca57b67a8bb50009050200ff"], 0x0)

5.282838025s ago: executing program 2 (id=180):
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000001540)={'tunl0\x00', {0x2, 0x4e23, @local}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r3, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r4, 0x402, 0x8000001f)
r5 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r5, 0x402, 0x80000024)
fcntl$notify(r4, 0x402, 0x80000032)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0)
connect$inet6(r0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000480)={0xb8, 0x0, &(0x7f0000000380)=[@request_death={0x400c630e, 0x1}, @enter_looper, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x1100}, @fda={0x66646185, 0x5, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000000)=""/98, 0x62, 0x0, 0x24}}, &(0x7f0000000180)={0x0, 0x18, 0x38}}, 0x400}, @register_looper, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x70, 0x18, &(0x7f00000002c0)={@fda={0x66646185, 0x2, 0x2, 0x18}, @ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/209, 0xd1, 0x1, 0x40}, @ptr={0x70742a85, 0x1, &(0x7f0000000540)=""/4096, 0x1000, 0x0, 0x28}}, &(0x7f0000000340)={0x0, 0x20, 0x48}}, 0x40}], 0x7, 0x0, &(0x7f0000000440)="553fc696f4b1a1"})
socket$nl_route(0x10, 0x3, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002abd7000fbdbdf253500000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000700000031000de7"], 0x28}, 0x1, 0x0, 0x0, 0x4040000}, 0x44040000)
socket(0x21, 0x2, 0x2)

4.544941789s ago: executing program 0 (id=184):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x24, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_HOOK={0x4}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x80}}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f0000000d00)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd60000000001406"], 0x0)

4.283894141s ago: executing program 0 (id=185):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r0 = syz_usb_connect(0x3, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x6c, 0xeb, 0x85, 0x40, 0x249c, 0x9002, 0xdead, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x24, 0xdf, 0x6d}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r1)
close(r1)
socket$unix(0x1, 0x1, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e00070011008188040f46ecdb4cb9cca7480ef410000000e3bd6efb440009000e000a000d000000ba8000001201", 0x2e}], 0x1}, 0x40840)

4.106073946s ago: executing program 2 (id=186):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000b5403340861a2275363501020301090212"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000040)={0x1c, &(0x7f0000000180)=ANY=[], 0x0, 0x0})
syz_usb_control_io$uac1(r0, &(0x7f0000000200)={0x14, &(0x7f0000000100)={0x20, 0x21, 0x2, {0x2, 0xd}}, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x411}}}, &(0x7f0000000500)={0x44, &(0x7f0000000240)={0x0, 0x17, 0x8b, "0dede6b723fdf14f97ff9ce12df6cd56e78e3ca7c9257313a207b661f880e947241b8f04843b8ef12076ec07a93ea542c033395a8731c4fa7d068646f1e1d2a3549c563dfce7db3837faf83afc87f18c789cb1512809d0bf16993df3c427fa2bdb0b4598b7e8a41c73ab46d454ad12c4c6715a14ddfff10a6febcd68e8463180b804b7f7a1e5ef15eca93d"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0xa0}, &(0x7f0000000380)={0x20, 0x81, 0x3, "8a8c84"}, &(0x7f00000003c0)={0x20, 0x82, 0x1, '*'}, &(0x7f0000000400)={0x20, 0x83, 0x2, "90c8"}, &(0x7f0000000480)={0x20, 0x84, 0x3, "4de247"}, &(0x7f00000004c0)={0x20, 0x85, 0x3, 's\ay'}})
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]})
socket(0xa, 0x2, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x21, 0x80000, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
socket$packet(0x11, 0x2, 0x300)
syz_usb_control_io$cdc_ecm(r0, &(0x7f00000010c0)={0x14, &(0x7f0000000fc0)={0x20, 0x23, 0xa4, {0xa4, 0x8, "250b8abb75ebdd8b023ece4399d71acc4ead2e0b526f7267d05d6e80d26f9c39c7b467826157b3e74779d0cefb20f07be9805cc982bb9eba26b215e49e0805f6e7d927c1b6f36abaeac007d00a049a6fd4b36ed281a2dc8afd6ab5669682daac032a66939cec6c9064a179faf66014736470188d632a18fe2f22f1b6c82d9aa94c57c59acebe68fe70215d7223d56f0d131a86243f6ec0888fdcd0c8f555417d98f4"}}, &(0x7f0000001080)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000001240)={0x1c, &(0x7f0000001100)={0x0, 0x12, 0x9c, "e26e48d6fe1185fd5f9556437fbf195da878d27df7b120effaea8834616e4ec56fb9b9ae89355102a548b76357ff6b4935131ed6cf2666a255d3ac5fb6c08d490dc2d872b91216d81816bcd38ac03fa2c2a5a23d3e533e8c9384e1dcce217725ea45dfa9eadc0efb5e60ab08ce2e4be58dd87d2d48281004679fb45d96f2301e2b772aef3bef39340de4104d6f214de39360a518f22620cf43f3a7cc"}, &(0x7f00000011c0)={0x0, 0xa, 0x1, 0xff}, &(0x7f0000001200)={0x0, 0x8, 0x1, 0xff}})
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000001000390400"/20, @ANYRES16=r0, @ANYBLOB="059900f3ffffff111800128008000100677470000c000280050005"], 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x300080c0)
sendto$packet(0xffffffffffffffff, &(0x7f0000000740)='\x00', 0x1, 0x4c0c0, &(0x7f0000000300)={0x11, 0x86dd, r4, 0x1, 0x0, 0x6, @random="edf9a42a9541"}, 0x14)
syz_usb_control_io$printer(r0, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r6 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_TIMESTAMP(r6, 0x1, 0x3f, &(0x7f0000001280)=0x37c, 0x4)
ioctl$TIOCOUTQ(r5, 0x5411, &(0x7f0000000080))
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000640)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x40, 0x738, 0x1713, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x4, 0x10, 0x7, [{{0x9, 0x4, 0x0, 0xf, 0x2, 0x3, 0x1, 0x2, 0x9, {0x9, 0x21, 0x1000, 0x3, 0x1, {0x22, 0xd9b}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x9, 0x40, 0x6}}}}}]}}]}}, &(0x7f0000000f80)={0xa, &(0x7f0000000cc0)={0xa, 0x6, 0x50, 0x5, 0x6, 0xd, 0x10, 0x80}, 0x5c, &(0x7f0000000d00)={0x5, 0xf, 0x5c, 0x6, [@ssp_cap={0x18, 0x10, 0xa, 0x3, 0x3, 0x80, 0xf000, 0x800, [0x0, 0xc0, 0xff00]}, @ssp_cap={0xc, 0x10, 0xa, 0x5, 0x0, 0x3, 0xf00f, 0xf}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "5b76f73a9125b341d6136a34777c8cbd"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x1, 0x7, 0x6}, @wireless={0xb, 0x10, 0x1, 0xc, 0x12, 0x35, 0x6, 0x2, 0x9}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x1, 0x2, 0xf, 0x5c}]}, 0x2, [{0xc3, &(0x7f0000000d80)=@string={0xc3, 0x3, "56b90e1fe8d48001aa1ada60bad7bd3e5099c4046295a1cc314030d8390e36bc181be396417a5a72b0daecbf3bfc1372b630792dc7649e1aafc434fe92aca30dc572fee9c2557ca72b7139cc1ce3c63b97b97442a0a234330bc0cb3b645aa80d24c20bfa9bd593d25d14021bd1bdbc327dcd82edb9729858af4117bf33cdf0be7c31b498c9a1b6f8de9e00dede4ecf7991fcbcd1bc8bebf9daab5fad7875f09eb578e0a6afadb4b86ce3c52334fe3bfc406fdf25b7786f2ae99a5a3daeda8d69bd"}}, {0xe1, &(0x7f0000000e80)=@string={0xe1, 0x3, "d939bc0bae4a474f8c08c34dd0cc92412965f535a6567071d3c100d5b4378cd082953cd56caea4d5162751052fe01e97ccee1d331c3fc635feab7bc9236d4a585be139cc2ff1d1f2e398d9799c7b6068cfa8792527844c0dfa66bfb56c4b78c66515653de5863f1a82369170a4a417b6a05a0afcb200120fe8a2c918edfc25f299d8bb216a516596c4cd151f85eb088d32b5ed959a6abf59a3a50f39101d6fc05c713f1f997eba51c904375cf7dd6611bc5da6170c3acefc91a584e3be98c07aa77f4bc086b0046a0c0bf8c75d997d435cc228a232e1a87e21f515f3b06070"}}]})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000006c0)={0x44, &(0x7f0000000440)={0x0, 0x6, 0x2, 'Ib'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat$ptmx(0xffffffffffffff9c, &(0x7f00000012c0), 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, &(0x7f0000000600)={0x14, &(0x7f0000000580)={0x40, 0x22, 0x20, {0x20, 0x8, "a775bda4c1bfaf4fa00cd7d3bc471cb6d436bd740e1acf04e150aca19d9b"}}, &(0x7f00000005c0)=ANY=[@ANYBLOB]}, &(0x7f0000000b80)={0x1c, &(0x7f0000000bc0)={0x40, 0x10, 0xce, "3c5286bd746606842c10f02dda7aa64947e3df6c98bdc6a73b6f820de73e720fbe4385a62d10294c4af8b53ad098a3ddf85d09776d097cba7e06e4f9f68ed620634909cceb3e521a1dcea8c2525c8531b3949a93813ed7b7396b585025fff492db9689b7ec45244b775623dbaca9d55f973a24240a375df6eb8a920e4bf9262d05aaae3aecb18e59b4337643eec7390b644e1f7c0bdcc92aa588b30979e36ae27dfad38a3bc83b609a996900177d610aa6b563a450607c9e9a0919ec5a87f307174de42b105807a5b18693faba64"}, &(0x7f0000000740)={0xa1, 0x1, 0x400, "7f08b76ad477786b828457abc5a1e41fa99190879055e53b4de899f6f200ff34ff42dd8a10c8d774d9434005ee37be18a79cf55bf4c10fcbb6073548c5959df97a89b0af0b636ce2c8943b8291ba0ad03a221bfc154b55d2c02b76ef873059edc7569f3921cc26f87234b179bd1188dbcc72587f9dc7cffbdd5ac92b242368f1379997751139161a847bb5b070e28025447ca3a32589e6266fa9d675e628422fc03c33f070ecfe94a5d8afc3d959ad43f787bd49ed7a40f870986efcca6f9ed842c5726df7fb999be19733c96bd222e2dee3ea3fbbdf0cde3cb936436c36c91edd14919da33a967ade0879eabc749257114a8e089582d2e58c5c8e09a936921cd1c9d41ddf6ce97e7f6375b2bbe0979930b9633e9b9871f67209ca488c974539bbffcf8d6f6b8d1d364523967ee38d77d1b0930594e087ee0e1636052ce8629a23ec34ac4399de8277fddc8af6d859646ad59e8daffd6ddbce96fc23c8c23bc2d5f21abde10461417bfece7dde4bd3d6b785481b2878bb5df19b92e089ec062c10c775bb04d0cbbfc605ca93911604ebab81498202643034a0f72549c16098990d841e204b463798b1fc2d8c894b156c301212ef8039b699c9b326910bcec924946a8e368155221f68a30cbaf2890ef33553e30f928672ac15eb040a3d8fd5fcada7c0afe6319cb09ffc6885e3780d9cda24304772daf80b89f9d87dcc0c2033f5ad3e1d1ea6d054cc9f82a1d13b7423683ed4acd81eda2514548a89940413eee618e93b7bed1f2e6ad80f4e749d88721335a618d4524bf9b5f30ccad1ed669a5e1021a3c4d8652e1b1e408350259e9c6abb9012a4a1a255f0807a17decfd6d96c213f72052769f0602541c2c5ade2e454667aaa12c63fae2a15f5c07ede80d319951058e300ed95a032a180174804adc80622697d139c82c7fb4e90282f0f7f755b3055e56e47f8c8dc79b603cc31d3bb2980336ba118f8c327ebb4bde339ddc3d04b34bca63229ce7a2de3a393a99696ece92cfe5151ff7931ce31de5b7b468cccc9f449a8a0f627ca9c75edbeb51a78504be639cd580c5a76724fae26a7ced90e15a034706e9de339bcb2d6795018bab2f62c985e9e41ec3b9b4d117013b6e8dbabcca871b9bcbd471ef55bb6e6f2d2d158a51b88cb5be7a01b7b853ebb6587a4d34a536bcd2a022fddc83e634577e5ed19b62697bdf28ba927eab9e24170653fd9707f8e1f21b9653235f775680692d060db0b761edbf92a6ecd5a0ae79de423f3e915a0e475f44dab73a40b565283ac9ba4396beefbabd737ce697ae2289afdb366025c95137fa385446881937a5414e9e052534a158ec50041793e8e06c6d5e76137cde294f691a5ca0091baf0630bec74ac770423c5605bb7cfaabfba5e0ba8edfcc910180444c46047e24727c7d64fcb5979dd41ed4d135ed68657c3"}, &(0x7f0000000680)={0x21, 0x0, 0x2, '-q'}})

3.377208049s ago: executing program 3 (id=190):
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r0, 0x0)
lsm_set_self_attr(0x66, 0x0, 0xffffff4e, 0x0)
pivot_root(&(0x7f0000000140)='./cgroup\x00', &(0x7f0000002240)='./cgroup\x00')

3.355451863s ago: executing program 3 (id=191):
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000000c0)=@generic={&(0x7f0000000040)='./file0\x00', 0x0, 0x10}, 0x18)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r2=>0xffffffffffffffff}, './file0\x00'})
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180), 0x609002, 0x0)
fcntl$getflags(r3, 0x401)
syz_usb_connect(0x2, 0x41, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x6d, 0xf5, 0x71, 0x8, 0x4e2, 0x1424, 0xc7eb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2f, 0x1, 0x96, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xcc, 0x7, 0x0, 0x2, 0x59, 0x61, 0x5, [@cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x890, 0x0, 0x7, 0x8}, {0x6, 0x24, 0x1a, 0x5, 0x11}}]}}]}}]}}, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)={0x1b, 0x0, 0x0, 0xfffffff1, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2}, 0x50)
r5 = socket(0x840000000002, 0x3, 0xff)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000100)={0x0, <r6=>0x0}, &(0x7f0000000140)=0xc)
setreuid(0xffffffffffffffff, r6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x16, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x388000, 0x0, 0x0, 0x0, 0x5}, [@map_val={0x18, 0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}}, @generic={0x9, 0x3, 0x2, 0x1, 0x1}, @ldst={0x1, 0x2, 0x0, 0x9, 0xb, 0xfffffffffffffff0, 0xffffffffffffffff}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x5}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @map_val={0x18, 0x2, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x1}]}, &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000000240)={0xff, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x7, 0xa5b, 0x78}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000340)=[r3, r4], &(0x7f0000000380)=[{0x4, 0x3, 0xf}, {0x3, 0x4, 0x9, 0x1}, {0x4, 0x3}, {0x3, 0x1, 0xc, 0x4}]}, 0x94)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000080), 0x80080)

3.318917363s ago: executing program 4 (id=192):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0x1, 0x40002, 0x803a0, 0x1, 0x101}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f0000000080), &(0x7f0000000240), 0x1800, r0}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000640)={r0, &(0x7f0000000080), 0x0}, 0x20)
socket$inet6(0xa, 0x3, 0x1)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='io.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000180)=ANY=[], 0x118)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_SET_IRQCHIP(r4, 0xc208ae62, &(0x7f0000000600)={0x0, 0x0, @pic={0x7, 0x8, 0x5, 0x1, 0x1, 0xa, 0x4, 0x7f, 0x0, 0x2, 0x3, 0x3, 0xfb, 0xb1, 0xf9, 0xf}})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
read$FUSE(r5, 0x0, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r6 = inotify_init()
inotify_add_watch(r6, &(0x7f00000000c0)='.\x00', 0x5000009)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x14, &(0x7f0000000140), 0x106, 0x9}}, 0x20)
r8 = memfd_create(&(0x7f0000000840)='\xfb\"a&\x8fe\x11\x8c\xd64\xf9 \x00\x00\x00\x00\x00\x12\x1a\'<\xf5\xbeV\x12\xaal\xfa\xf0o\xd8\xb1,\xbd>M\xe3\x98?\xd9\x96\xab\xc7\x06\xfd\x9b\xab\xc8\x1e\x89]\x13bZ\x8d /#k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\xa1\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xdeL\x1d\x98Zq\xcc%\x98\xb0Yc\xec\xb7\xb5m(9\xde\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1jOB\xdas\xe3\xb47}%)\xb9\xbf{\xce\x94^\xec\xdf\xbcW\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x842.\x17c`\x1e\x88\xecif\xee]\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1d2\xb8\x80Z\xf7\x06\xbe\xc9[L\xc5\xc9\xb5\xd6{\xee\xce\x17\x89\xa6r\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x8fXeT\'0.\x85\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xf4@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\xacH\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLY\x94\x93\xebT\x15\x817\x9d#\xea\xd2\xa8\xfb^\x8c\x87#\x10d\x89J\xb3zz\x83\x81\x0f\xbd\xdf\xff9**\xb7\xfa\xa9h;<\xe8\x85\v\x9e\x02\x03\xad\xa4\x11R\x14\xbc\xc8\xb5\x89\xffx\x98%O\xf8n~1G\x89\x96\x1d\xecz\xe8\x04\x86G%\xa0\xd5[\xda\xc9', 0x7)
fallocate(r8, 0x0, 0x0, 0x100000000)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
clock_adjtime(0x0, &(0x7f0000000e00)={0xa627, 0x0, 0x100000000000000, 0xc8d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x0, 0x40, 0x0, 0x2})

2.73253748s ago: executing program 0 (id=193):
socket(0x2, 0x80805, 0x0)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000080)={0x8601, 0x2}, 0x18, 0x0)
landlock_restrict_self(r1, 0x0)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = syz_io_uring_setup(0x1237, &(0x7f0000000380)={0x0, 0x80fd, 0x80, 0x3, 0x2b9}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000200))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
io_uring_enter(r3, 0x47bc, 0x0, 0x0, 0x0, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
dup2(r5, r2)

2.692129157s ago: executing program 1 (id=194):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000002240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r2 = io_uring_setup(0x21a4, &(0x7f0000000000)={0x0, 0x75f, 0x10, 0x1, 0x11cb})
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

2.420427192s ago: executing program 4 (id=195):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x24, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_HOOK={0x4}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x80}}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f0000000d00)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd60000000001406"], 0x0)

2.33361104s ago: executing program 4 (id=196):
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000001540)={'tunl0\x00', {0x2, 0x4e23, @local}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r3, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r4, 0x402, 0x8000001f)
r5 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r5, 0x402, 0x80000024)
fcntl$notify(r4, 0x402, 0x80000032)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0)
connect$inet6(r0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000480)={0xb8, 0x0, &(0x7f0000000380)=[@request_death={0x400c630e, 0x1}, @enter_looper, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x1100}, @fda={0x66646185, 0x5, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000000)=""/98, 0x62, 0x0, 0x24}}, &(0x7f0000000180)={0x0, 0x18, 0x38}}, 0x400}, @register_looper, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x70, 0x18, &(0x7f00000002c0)={@fda={0x66646185, 0x2, 0x2, 0x18}, @ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/209, 0xd1, 0x1, 0x40}, @ptr={0x70742a85, 0x1, &(0x7f0000000540)=""/4096, 0x1000, 0x0, 0x28}}, &(0x7f0000000340)={0x0, 0x20, 0x48}}, 0x40}], 0x7, 0x0, &(0x7f0000000440)="553fc696f4b1a1"})
socket$nl_route(0x10, 0x3, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002abd7000fbdbdf253500000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000700000031000de7"], 0x28}, 0x1, 0x0, 0x0, 0x4040000}, 0x44040000)
socket(0x21, 0x2, 0x2)

1.828272917s ago: executing program 3 (id=197):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
recvmmsg(r0, &(0x7f0000008200)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000240)=""/143, 0x8f}, {&(0x7f0000002d40)=""/4096, 0x1000}, {&(0x7f0000002c40)=""/177, 0xb1}], 0x3}, 0x8000006}, {{0x0, 0x0, 0x0}, 0x987e}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000380)=""/159, 0x9f}, {&(0x7f0000000980)=""/51, 0x33}, {&(0x7f0000000540)=""/237, 0xed}, {&(0x7f00000004c0)=""/52, 0x34}, {&(0x7f0000000000)=""/63, 0x3f}, {&(0x7f00000009c0)=""/4125, 0x101d}, {&(0x7f00000006c0)=""/233, 0xe9}], 0x7}, 0x8cc}], 0x4, 0x12002, 0x0)

1.773765003s ago: executing program 2 (id=198):
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs2/custom1\x00', 0xc02, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r2, 0xf503, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x14, 0x1, 0x0, 0x4, 0x4, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
r3 = socket(0x10, 0x803, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
ioctl$SNDCTL_SEQ_TESTMIDI(0xffffffffffffffff, 0x40045108, &(0x7f0000000200))
getsockname$packet(r3, &(0x7f0000000000)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="34000000100081eee800220400000000100000002705a0dc646ef2bf9100f764d1d57fc79b2a3ca1b1eaf49ce7b71b732c518ee1af99d5fa3a5a9836d726b3a8c40a4e10a3070bf6680f35ba5aa5b7adcb3164ddeaa2e448b7388e2070a2586b331b6482bb39b3c6bea113c5965ece0a4831f147cbb08d85bf3368e03c1e471f7c38bf76e50c821731fcc2587ba96e2b37a469e4dbf89c208d2266d6400788b3e07e9966f7b6bccdc425f865ae116e3b9051442dd7e4a7605cce296f883eb8f4ac8346030efe8013e7b2145d4457ac2e7b0a3708a791", @ANYRES32=r5, @ANYRES8=r1], 0x34}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r8)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r7, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000003200)=@newtfilter={0x34, 0x28, 0xd27, 0x2, 0x0, {0x0, 0x0, 0x0, r9, {0x7}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=0000000000000000010000', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r11 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x208440, 0x106)
fstatfs(r11, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})

1.659862645s ago: executing program 3 (id=199):
r0 = syz_io_uring_setup(0x6fb2, &(0x7f0000000300)={0x0, 0xf36e, 0x10100, 0x0, 0x34b}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x20}}, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)=""/122, 0x7a}], 0x1)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<'], 0x38}}, 0x80)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FALLOCATE={0x11, 0x10, 0x0, @fd_index=0x8, 0xfff, 0x0, 0x6, 0x0, 0x1})
io_uring_enter(r0, 0x2d3e, 0x2936, 0x0, 0x0, 0x0) (fail_nth: 1)

917.209981ms ago: executing program 3 (id=200):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)={0x28, r1, 0x1, 0x20000002, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@key_params=[@NL80211_ATTR_MAC={0xa}]]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

871.108252ms ago: executing program 1 (id=201):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)={0x28, r1, 0x1, 0x20000002, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@key_params=[@NL80211_ATTR_MAC={0xa}]]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (fail_nth: 1)

818.086353ms ago: executing program 3 (id=202):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x3e, 0x208604)
r1 = syz_usb_connect$cdc_ecm(0x0, 0x5e, &(0x7f0000000000)=ANY=[@ANYBLOB="12011001020000402505"], 0x0)
syz_usb_disconnect(r1)
syz_usb_disconnect(r0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r2, &(0x7f0000000480)=""/74, 0x4a)
syz_usb_disconnect(r1)

740.017537ms ago: executing program 4 (id=203):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
openat$audio(0xffffff9c, 0x0, 0x1052c0, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
io_setup(0xd, &(0x7f0000000340)=<r5=>0x0)
io_pgetevents(r5, 0x8, 0x1, &(0x7f0000000380)=[{}], &(0x7f0000000500)={0x0, 0x989680}, &(0x7f0000000580)={&(0x7f0000000540)={[0x8]}, 0x8})
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ppp={{0x8}, {0xc, 0x2, 0x0, 0x1, {0x8, 0x1, r4}}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0xc}]}, 0x40}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x10)
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r8 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r9=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r8, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r9, <r10=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r8, 0xc06864ce, &(0x7f0000000440)={r10, 0x0, 0x0, 0x0, 0x0, [<r11=>0x0]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r7, 0xc00c642d, &(0x7f0000000080)={r11, 0x0, <r12=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETFB2(r8, 0xc06864ce, &(0x7f0000000200)={r10, 0x0, 0x0, 0x0, 0x0, [<r13=>0x0]})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r8, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r12})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r12, 0xc04064a0, &(0x7f00000004c0)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0], 0x8, 0xa, 0x2, 0x4})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r8, 0xc00c642d, &(0x7f0000000040)={r13})
close_range(r0, 0xffffffffffffffff, 0x0)

613.245127ms ago: executing program 1 (id=204):
syz_io_uring_setup(0x110, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r2 = socket(0x10, 0x3, 0x6)
socket(0x10, 0x3, 0x0)
rt_sigpending(&(0x7f00000000c0), 0x8)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000040))
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x42)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
r4 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r4, 0x1, 0x3e, &(0x7f00000002c0)=r3, 0x161)
sendmsg$inet(r4, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @rand_addr=0x20}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000380), 0xff7a}], 0x1, &(0x7f0000007880)=[@ip_tos_u8={{0x11, 0x34000}}, @ip_pktinfo={{0x1c, 0xfd000f00, 0x8, {0x0, @remote, @multicast1}}}, @ip_pktinfo={{0x1c, 0x28f0700, 0x8, {0x0, @empty=0xa0050000}}}, @ip_retopts={{0x24, 0x0, 0x7, {[@ra={0x94, 0x4}, @timestamp={0x44, 0x10, 0x88, 0x0, 0x0, [0x0, 0x0, 0x0]}]}}}, @ip_tos_u8={{0x11}}], 0x98}, 0x0)

284.021531ms ago: executing program 2 (id=205):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, &(0x7f00000002c0)={0x0, 0x0, 0x1, 'M'}, 0x9)
sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
ioctl$SIOCGETMIFCNT_IN6(0xffffffffffffffff, 0x89e0, 0x0)
r4 = getpid()
syz_pidfd_open(r4, 0x0)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x101400, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000040)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r6, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r5, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x0, 'queue0\x00'})
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000002c0)={'wg2\x00'})
socket$nl_route(0x10, 0x3, 0x0)

228.234836ms ago: executing program 0 (id=206):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x24, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_HOOK={0x4}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x80}}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f0000000d00)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd60000000001406"], 0x0)

0s ago: executing program 0 (id=207):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/diskstats\x00', 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r2, 0x4, &(0x7f0000000380)=""/221, 0xdd, 0x2, 0x1, {0x0, r3}})
syz_usb_connect(0x4, 0x50e, &(0x7f00000006c0)={{0x12, 0x1, 0x310, 0x1b, 0x47, 0xba, 0x8, 0x1404, 0xcddc, 0x10e4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4fc, 0x2, 0x8, 0xf, 0x0, 0x0, [{{0x9, 0x4, 0x3b, 0x10, 0x8, 0x54, 0x36, 0x55, 0x4, [@cdc_ecm={{0x8, 0x24, 0x6, 0x0, 0x0, "61f220"}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0x10000, 0xc, 0x0, 0x7f}, [@mbim_extended={0x8, 0x24, 0x1c, 0x3, 0x9, 0x80}, @ncm={0x6, 0x24, 0x1a, 0x73b, 0x10}, @obex={0x5, 0x24, 0x15, 0x3}, @mbim_extended={0x8, 0x24, 0x1c, 0xe, 0x40, 0xec0}, @ncm={0x6, 0x24, 0x1a, 0x53af, 0x4}, @mbim={0xc, 0x24, 0x1b, 0x5, 0xcc9, 0x9, 0x8, 0x8, 0xa6}]}, @uac_as={[@as_header={0x7, 0x24, 0x1, 0x0, 0x4, 0x3}, @format_type_i_discrete={0x9, 0x24, 0x2, 0x1, 0x1, 0x1, 0xd, 0x1, 'J'}, @as_header={0x7, 0x24, 0x1, 0xf, 0x1, 0x2}, @as_header={0x7, 0x24, 0x1, 0xf2, 0x8}]}], [{{0x9, 0x5, 0x1, 0x10, 0x200, 0x3, 0xee, 0xe2, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x1, 0x10}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x2, 0xffff}]}}, {{0x9, 0x5, 0x5, 0x3, 0x40, 0x8, 0x6, 0x2}}, {{0x9, 0x5, 0xe, 0x0, 0x20, 0x5, 0x3, 0x1}}, {{0x9, 0x5, 0x1, 0x18, 0x20, 0x80, 0x5, 0x5, [@generic={0xaa, 0x7, "7b835294abfa7610069c36b13f4e1e310e89a0f09af8a69aae85ddd5186aa6e9578098757ed425544dfbbd2c85081776229a776f3f847073adc4bab984d6d8e8c6eee83ff6e4a118f43a6786990b10e876a0bde3c52a31f9a26b6f255b2f4a80340d4309738cdfba27a669641ad47d6f84854fa5ca9fdaed2b4ea7f3d8c6b74467f655adef3a312acd458e887861d6417c89900e6d0adfda3d253761226cecbb8a5ad9af4039ff17"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x9, 0xff}]}}, {{0x9, 0x5, 0x3, 0x4, 0x400, 0x0, 0xc, 0x3, [@generic={0x5a, 0x23, "fe73dbc33a96f68c203467a5ef56f9c33971e33cf0d5ab8a8c7cd403d4e87efc776f88dd863e6e84fc71c90ff22fa86a38e59d98e921d9a063c84cf63d6aa1b401801edf645c4339b951ab1193da8bc5d47f7f89fa887a36"}]}}, {{0x9, 0x5, 0x80, 0x10, 0x400, 0x5, 0x40, 0x7f}}, {{0x9, 0x5, 0xe, 0x10, 0x10, 0x7, 0xf7, 0xff, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x86}, @generic={0x7d, 0x30, "66388c85e312575eb116dbcae21d9722e26c94a75ddf8ef5c7443504237fc13b08f45419c8e799c0d6e1cf2e2758b6155ceef6540302b03b3bd6f5753519c6a0e3a0c5fa9d7a9c4329f363b1253ab1bb28229d8f1973989d83921dac145560efe76a399b6b8c5f8b80939572b8665a095768cc5a8a99fcf37c6035"}]}}, {{0x9, 0x5, 0x2, 0x0, 0x0, 0x9, 0x40, 0x3}}]}}, {{0x9, 0x4, 0x8d, 0xe, 0xf, 0x27, 0x65, 0x2d, 0x0, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "114162d092"}, {0x5, 0x24, 0x0, 0x5}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x1000, 0x200, 0x3}, [@obex={0x5, 0x24, 0x15, 0x6}, @mdlm_detail={0x6d, 0x24, 0x13, 0x9, "c49112161447ab1f26244fd347b9d635bfebdf24ec1e9e4692eac1b61e67dd9bf259b73ac3d2c68d231d377e94268525d8bafddbed0be41367acecd19795cb89f71c95dc06fcdcc0039208c7c4f1dd149c38d1b8c2e3dea667a46d0f2997376b1e107cab6f08148305"}, @mbim={0xc, 0x24, 0x1b, 0x3, 0x8001, 0xf, 0x3, 0x3, 0x6}]}, @uac_as={[@format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x2, 0x2, 0xa5, 0x0, "1152efce18f92ab7"}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x0, 0x2, 0x5b, 0x9b, "c095"}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0xb0, 0x4, 0x5, 0x9, 'U@', 'H'}, @format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0x4, 0x6, 0x9, "044aa113563cfbbc"}, @format_type_ii_discrete={0x10, 0x24, 0x2, 0x2, 0x800, 0x6, 0x8, "43d0be3a22abce"}, @as_header={0x7, 0x24, 0x1, 0x36, 0x7, 0x1001}]}], [{{0x9, 0x5, 0xe, 0x4, 0x0, 0x2, 0x1, 0xf8}}, {{0x9, 0x5, 0xc, 0x8, 0x8, 0x3, 0x1, 0x0, [@generic={0x19, 0x0, "50defe4f677601ff7b9e641cf619288c9953924fd3a44d"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x5, 0x3}]}}, {{0x9, 0x5, 0x5, 0xc, 0x400, 0xff, 0x7, 0x0, [@generic={0xad, 0x30, "6655f27f533500ad8ff6abe27c705730206f358a879a601e45b5ded50411116c51564137d87f53b211c9e25c271880ddc49798f81bc37b825f16754538f7a58297a3094348bd5f329a016c7795b29bd0bb67cbf45307b2038da829a58e459597bf337d605cc6b9615e5ea97f02a4ec4ca078a6d884338fcd39d6990c22014a25afd6bae231e751ce918ca3e62fd4db297fc30e607d5a5ba4bcde75bfa53cd89e8d89b21c944ebd8a4d7c98"}]}}, {{0x9, 0x5, 0x80, 0x1, 0x10, 0x2, 0xa, 0xbf, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x1}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x2, 0x4}]}}, {{0x9, 0x5, 0xf, 0x8, 0x20, 0x7, 0xe, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x0, 0x1}, @uac_iso={0x7, 0x25, 0x1, 0xc3, 0x8, 0xfffe}]}}, {{0x9, 0x5, 0xa, 0x10, 0x400, 0x85, 0x8, 0x4}}, {{0x9, 0x5, 0x6, 0x1, 0x10, 0x6, 0x81, 0x5}}, {{0x9, 0x5, 0xa, 0x4, 0x20, 0x1, 0x2, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x9, 0xa75e}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x10, 0x5}]}}, {{0x9, 0x5, 0x9, 0x3, 0x40, 0xa, 0x46, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x60, 0x5}]}}, {{0x9, 0x5, 0x1, 0x0, 0x40, 0x0, 0x5, 0x5}}, {{0x9, 0x5, 0x4, 0x10, 0x3ff, 0x70, 0xe0, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0xa4, 0x8}]}}, {{0x9, 0x5, 0x4, 0x4, 0x40, 0x7, 0x1, 0x4e, [@generic={0x8, 0x2, "f68486f623a5"}, @uac_iso={0x7, 0x25, 0x1, 0x85, 0x1, 0xff}]}}, {{0x9, 0x5, 0x9, 0x10, 0x400, 0x9, 0x4, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x7, 0x7d}]}}, {{0x9, 0x5, 0x4, 0xc, 0x3ff, 0x1, 0x1, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x103, 0x9f, 0x40}]}}, {{0x9, 0x5, 0x6, 0x10, 0x8, 0x8, 0xc, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0xa, 0x3}]}}]}}]}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x201, 0x3, 0x9, 0x9, 0xef, 0xa1}, 0x3e, &(0x7f0000000100)={0x5, 0xf, 0x3e, 0x4, [@ssp_cap={0x1c, 0x10, 0xa, 0x6, 0x4, 0x0, 0xf00f, 0x7, [0xc0, 0xff00ff, 0x3f30, 0xf]}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5e909413550d74a0, 0xd, 0x3, 0xfff}, @ssp_cap={0x10, 0x10, 0xa, 0x97, 0x1, 0x7, 0xf, 0x7, [0xf]}, @ptm_cap={0x3}]}, 0x3, [{0xb, &(0x7f0000000140)=@string={0xb, 0x3, "b11c9452179ab78353"}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x140a}}, {0x6d, &(0x7f0000000200)=@string={0x6d, 0x3, "87ebb611ecc47553d5c2be655a6fa55d6e0ae684891ff5d4d3c3100b9cd1e2b705209f3b45a31021d8f2d76c71bfd5856f1a05255e3a3b12e213018760abbbc4d0768609eb716deb19b296b6b7412bde644efb449799d8146b33572077fc9696da5e80cd5ce6b68ed66836"}}]})
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
pwritev(0xffffffffffffffff, &(0x7f0000000680)=[{&(0x7f0000000080)="9d01", 0x2}], 0x1, 0x3, 0x3)
ioctl$USBDEVFS_SETCONFIGURATION(r2, 0x80045505, 0x0)
io_uring_enter(0xffffffffffffffff, 0x627, 0x4c1, 0x43, 0x0, 0x30)
syz_open_dev$usbmon(&(0x7f0000000040), 0x401, 0x400)
unshare(0x2c020400)
unshare(0x4010000)
r4 = socket(0x848000000015, 0x805, 0x0)
bind$inet6(r4, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.170' (ED25519) to the list of known hosts.
[   73.647797][ T5849] cgroup: Unknown subsys name 'net'
[   73.738505][ T5849] cgroup: Unknown subsys name 'cpuset'
[   73.750514][ T5849] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   75.149915][ T5849] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   76.887078][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[   76.893544][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[   78.884757][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   78.898826][ T5865] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   78.907497][ T5865] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   78.915327][ T5860] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   78.922423][ T5860] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   78.930660][ T5860] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   78.939322][ T5860] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   78.946701][ T5860] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   78.964326][ T5860] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   78.974326][ T5860] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   79.008916][ T5865] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   79.017220][ T5865] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   79.024891][ T5865] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   79.032954][ T5865] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   79.040305][ T5866] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   79.048279][ T5866] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   79.056447][ T5865] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   79.064859][ T5865] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   79.072537][ T5865] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   79.080451][ T5865] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   79.088318][ T5865] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   79.106998][ T5182] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   79.121296][ T5860] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   79.129587][ T5860] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   79.137590][ T5860] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   79.328116][ T5871] chnl_net:caif_netlink_parms(): no params data found
[   79.505727][ T5871] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.512945][ T5871] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.520563][ T5871] bridge_slave_0: entered allmulticast mode
[   79.528109][ T5871] bridge_slave_0: entered promiscuous mode
[   79.536964][ T5871] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.544694][ T5871] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.552447][ T5871] bridge_slave_1: entered allmulticast mode
[   79.560139][ T5871] bridge_slave_1: entered promiscuous mode
[   79.584123][ T5874] chnl_net:caif_netlink_parms(): no params data found
[   79.673111][ T5871] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.685500][ T5871] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   79.763959][ T5874] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.772076][ T5874] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.780568][ T5874] bridge_slave_0: entered allmulticast mode
[   79.787731][ T5874] bridge_slave_0: entered promiscuous mode
[   79.805985][ T5871] team0: Port device team_slave_0 added
[   79.817677][ T5875] chnl_net:caif_netlink_parms(): no params data found
[   79.835419][ T5874] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.843475][ T5874] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.851619][ T5874] bridge_slave_1: entered allmulticast mode
[   79.859054][ T5874] bridge_slave_1: entered promiscuous mode
[   79.866854][ T5871] team0: Port device team_slave_1 added
[   79.883637][ T5876] chnl_net:caif_netlink_parms(): no params data found
[   79.937522][ T5874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.955594][ T5877] chnl_net:caif_netlink_parms(): no params data found
[   79.973416][ T5871] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.981145][ T5871] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.009337][ T5871] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.021891][ T5874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.043675][ T5871] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.051541][ T5871] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.078884][ T5871] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.155668][ T5874] team0: Port device team_slave_0 added
[   80.182214][ T5876] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.189792][ T5876] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.197608][ T5876] bridge_slave_0: entered allmulticast mode
[   80.205334][ T5876] bridge_slave_0: entered promiscuous mode
[   80.214663][ T5874] team0: Port device team_slave_1 added
[   80.254940][ T5876] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.262896][ T5876] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.271715][ T5876] bridge_slave_1: entered allmulticast mode
[   80.279575][ T5876] bridge_slave_1: entered promiscuous mode
[   80.295021][ T5875] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.302184][ T5875] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.310201][ T5875] bridge_slave_0: entered allmulticast mode
[   80.317827][ T5875] bridge_slave_0: entered promiscuous mode
[   80.336710][ T5871] hsr_slave_0: entered promiscuous mode
[   80.343413][ T5871] hsr_slave_1: entered promiscuous mode
[   80.375094][ T5875] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.382361][ T5875] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.390369][ T5875] bridge_slave_1: entered allmulticast mode
[   80.398100][ T5875] bridge_slave_1: entered promiscuous mode
[   80.429324][ T5874] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.436818][ T5874] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.464630][ T5874] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.477394][ T5874] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.484707][ T5874] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.511342][ T5874] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.530685][ T5877] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.538065][ T5877] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.546092][ T5877] bridge_slave_0: entered allmulticast mode
[   80.552934][ T5877] bridge_slave_0: entered promiscuous mode
[   80.574602][ T5876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.589111][ T5876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.605717][ T5877] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.613095][ T5877] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.621207][ T5877] bridge_slave_1: entered allmulticast mode
[   80.628581][ T5877] bridge_slave_1: entered promiscuous mode
[   80.659240][ T5875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.670905][ T5875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.692825][ T5877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.739556][ T5877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.753972][ T5876] team0: Port device team_slave_0 added
[   80.761348][ T5875] team0: Port device team_slave_0 added
[   80.796364][ T5876] team0: Port device team_slave_1 added
[   80.804349][ T5875] team0: Port device team_slave_1 added
[   80.826330][ T5874] hsr_slave_0: entered promiscuous mode
[   80.834044][ T5874] hsr_slave_1: entered promiscuous mode
[   80.841042][ T5874] debugfs: 'hsr0' already exists in 'hsr'
[   80.849073][ T5874] Cannot create hsr debugfs directory
[   80.857452][ T5877] team0: Port device team_slave_0 added
[   80.883200][ T5877] team0: Port device team_slave_1 added
[   80.920231][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.927522][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.956403][ T5875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.976420][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.983445][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   81.011032][ T5877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   81.022940][ T5876] batman_adv: batadv0: Adding interface: batadv_slave_0
[   81.030632][ T5876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   81.058059][ T5876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   81.066513][   T51] Bluetooth: hci0: command tx timeout
[   81.072006][ T5876] batman_adv: batadv0: Adding interface: batadv_slave_1
[   81.076969][ T5860] Bluetooth: hci1: command tx timeout
[   81.082557][ T5876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   81.116860][ T5876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   81.128383][ T5860] Bluetooth: hci3: command tx timeout
[   81.135157][   T51] Bluetooth: hci2: command tx timeout
[   81.148974][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_1
[   81.156374][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   81.183271][ T5875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   81.202413][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_1
[   81.210474][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   81.214371][ T5860] Bluetooth: hci4: command tx timeout
[   81.238404][ T5877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   81.356869][ T5875] hsr_slave_0: entered promiscuous mode
[   81.363180][ T5875] hsr_slave_1: entered promiscuous mode
[   81.370726][ T5875] debugfs: 'hsr0' already exists in 'hsr'
[   81.376922][ T5875] Cannot create hsr debugfs directory
[   81.407062][ T5877] hsr_slave_0: entered promiscuous mode
[   81.413274][ T5877] hsr_slave_1: entered promiscuous mode
[   81.419812][ T5877] debugfs: 'hsr0' already exists in 'hsr'
[   81.425988][ T5877] Cannot create hsr debugfs directory
[   81.452045][ T5876] hsr_slave_0: entered promiscuous mode
[   81.459230][ T5876] hsr_slave_1: entered promiscuous mode
[   81.465625][ T5876] debugfs: 'hsr0' already exists in 'hsr'
[   81.471497][ T5876] Cannot create hsr debugfs directory
[   81.567452][ T5871] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   81.584970][ T5871] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   81.618373][ T5871] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   81.654187][ T5871] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   81.743011][ T5874] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   81.769616][ T5874] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   81.797608][ T5874] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   81.811663][ T5874] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   81.877895][ T5877] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   81.888870][ T5877] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   81.899445][ T5877] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   81.920173][ T5877] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   81.981782][ T5875] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   81.991970][ T5875] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   82.002677][ T5875] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   82.012791][ T5875] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   82.078188][ T5876] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   82.090661][ T5876] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   82.116826][ T5876] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   82.131895][ T5874] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.158667][ T5876] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   82.175755][ T5871] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.230064][ T5874] 8021q: adding VLAN 0 to HW filter on device team0
[   82.242154][ T5871] 8021q: adding VLAN 0 to HW filter on device team0
[   82.273399][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.281071][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.292774][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.301023][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.310241][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.317989][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.346880][ T1110] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.355837][ T1110] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.389504][ T5877] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.429395][ T5875] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.463635][ T5877] 8021q: adding VLAN 0 to HW filter on device team0
[   82.487872][ T5875] 8021q: adding VLAN 0 to HW filter on device team0
[   82.511140][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.518484][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.528109][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.535492][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.545850][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.553046][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.578810][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.587225][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.657255][ T5876] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.686919][ T5876] 8021q: adding VLAN 0 to HW filter on device team0
[   82.695894][ T5871] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.706470][ T5874] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.732277][ T1110] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.739448][ T1110] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.758782][ T1110] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.766043][ T1110] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.820575][ T5875] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.838635][ T5877] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.886323][ T5871] veth0_vlan: entered promiscuous mode
[   82.892744][ T5874] veth0_vlan: entered promiscuous mode
[   82.919578][ T5874] veth1_vlan: entered promiscuous mode
[   82.939478][ T5871] veth1_vlan: entered promiscuous mode
[   82.978532][ T5877] veth0_vlan: entered promiscuous mode
[   82.988940][ T5875] veth0_vlan: entered promiscuous mode
[   83.006848][ T5877] veth1_vlan: entered promiscuous mode
[   83.023526][ T5874] veth0_macvtap: entered promiscuous mode
[   83.033162][ T5874] veth1_macvtap: entered promiscuous mode
[   83.047051][ T5876] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.058057][ T5875] veth1_vlan: entered promiscuous mode
[   83.093689][ T5874] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.104848][ T5871] veth0_macvtap: entered promiscuous mode
[   83.123540][ T5874] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.135745][   T51] Bluetooth: hci0: command tx timeout
[   83.141499][ T5860] Bluetooth: hci1: command tx timeout
[   83.150902][ T5871] veth1_macvtap: entered promiscuous mode
[   83.163753][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.173951][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.196933][ T5877] veth0_macvtap: entered promiscuous mode
[   83.205452][ T5860] Bluetooth: hci3: command tx timeout
[   83.205508][   T51] Bluetooth: hci2: command tx timeout
[   83.217755][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.228165][ T5875] veth0_macvtap: entered promiscuous mode
[   83.238688][ T5871] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.250505][ T5871] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.262167][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.278465][ T5877] veth1_macvtap: entered promiscuous mode
[   83.285951][   T51] Bluetooth: hci4: command tx timeout
[   83.296469][ T5875] veth1_macvtap: entered promiscuous mode
[   83.309677][   T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.319040][   T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.331997][ T5876] veth0_vlan: entered promiscuous mode
[   83.346622][   T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.356297][   T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.384602][ T5876] veth1_vlan: entered promiscuous mode
[   83.393336][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.425269][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.453316][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.463719][ T5876] veth0_macvtap: entered promiscuous mode
[   83.482898][  T996] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.491806][  T996] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.499018][ T5876] veth1_macvtap: entered promiscuous mode
[   83.512499][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.528937][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.542012][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.551406][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.583873][  T996] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.593474][  T996] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.607261][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.618765][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.636056][  T996] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.646821][  T996] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.672991][ T5876] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.682733][  T996] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.708925][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.717635][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.719351][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.730288][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.750943][ T5876] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.769097][   T49] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.778844][   T49] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.810917][   T49] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.822056][   T49] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.837134][ T5874] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   83.876902][ T1110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.910730][ T1110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.003504][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.021580][ T5956] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6'.
[   84.034840][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.081184][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.091495][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.128294][ T5959] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   84.196113][ T1110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.204266][   T24] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[   84.220290][ T1110] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.271885][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.295814][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.367961][   T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   84.380146][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.400945][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.412103][   T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[   84.431867][   T24] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[   84.447715][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.469577][   T24] usb 4-1: config 0 descriptor??
[   84.553330][   T24] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[   84.583772][   T24] dvb-usb: bulk message failed: -22 (3/0)
[   84.608681][   T24] dvb-usb: will use the device's hardware PID filter (table count: 16).
[   84.655109][   T24] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[   84.694295][   T24] usb 4-1: media controller created
[   84.717772][ T5970] kvm: pic: non byte write
[   84.726077][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   84.752653][ T5953] dvb-usb: bulk message failed: -22 (2/0)
[   84.784834][   T24] dvb-usb: bulk message failed: -22 (6/0)
[   84.795317][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   84.801562][ T5977] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2'.
[   84.824038][   T24] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[   84.840151][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input5
[   84.858781][ T5988] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'.
[   84.868595][ T5988] netlink: 'syz.1.2': attribute type 30 has an invalid length.
[   84.899798][ T1110] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   84.899857][   T24] dvb-usb: schedule remote query interval to 150 msecs.
[   84.920171][ T1110] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   84.950361][ T1110] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   84.975722][  T979] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   84.992785][   T24] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[   84.992785][ T1110] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   85.017262][ T5977] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2'.
[   85.144914][  T979] usb 1-1: Using ep0 maxpacket: 8
[   85.160333][   T43] dvb-usb: bulk message failed: -22 (1/0)
[   85.161724][  T979] usb 1-1: unable to get BOS descriptor or descriptor too short
[   85.166990][   T43] dvb-usb: error while querying for an remote control event.
[   85.206741][   T51] Bluetooth: hci1: command tx timeout
[   85.212646][   T51] Bluetooth: hci0: command tx timeout
[   85.270493][  T979] usb 1-1: config 4 interface 0 has no altsetting 0
[   85.285787][ T5860] Bluetooth: hci2: command tx timeout
[   85.291428][ T5860] Bluetooth: hci3: command tx timeout
[   85.309678][   T43] usb 4-1: USB disconnect, device number 2
[   85.346463][  T979] usb 1-1: string descriptor 0 read error: -22
[   85.353308][  T979] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[   85.366267][ T5860] Bluetooth: hci4: command tx timeout
[   85.373030][  T979] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.400033][  T979] usb 1-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[   85.407912][   T43] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[   85.434934][  T979] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[   85.444750][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   85.456669][  T979] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[   85.466526][  T979] usb 1-1: media controller created
[   85.492321][  T979] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   85.503745][ T5993] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   85.561297][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   85.604553][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   85.634399][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   85.661884][ T5997] netlink: 'syz.2.11': attribute type 14 has an invalid length.
[   85.670481][ T5997] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11'.
[   85.729878][ T5991] usb 1-1: USB disconnect, device number 2
[   85.794358][    T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!!
[   85.855954][ T5997] netlink: 'syz.2.11': attribute type 14 has an invalid length.
[   85.856653][  T996] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   85.893033][  T996] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   85.907625][  T996] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   85.911022][ T5997] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11'.
[   85.918931][  T996] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   85.953067][ T5997] Zero length message leads to an empty skb
[   86.048263][ T6003] netlink: 32 bytes leftover after parsing attributes in process `syz.2.13'.
[   86.359152][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   86.784336][   T43] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   86.854544][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   86.865162][    T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!!
[   86.875848][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   87.037512][ T6027] FAULT_INJECTION: forcing a failure.
[   87.037512][ T6027] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   87.053095][   T43] usb 2-1: Using ep0 maxpacket: 32
[   87.064643][ T5911] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   87.094299][ T6027] CPU: 0 UID: 0 PID: 6027 Comm: syz.2.22 Not tainted syzkaller #0 PREEMPT(full) 
[   87.094333][ T6027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   87.094347][ T6027] Call Trace:
[   87.094357][ T6027]  <TASK>
[   87.094367][ T6027]  dump_stack_lvl+0x189/0x250
[   87.094399][ T6027]  ? __pfx____ratelimit+0x10/0x10
[   87.094431][ T6027]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.094456][ T6027]  ? __pfx__printk+0x10/0x10
[   87.094484][ T6027]  ? __might_fault+0xb0/0x130
[   87.094517][ T6027]  ? rcu_is_watching+0x15/0xb0
[   87.094540][ T6027]  should_fail_ex+0x414/0x560
[   87.094571][ T6027]  _copy_from_user+0x2d/0xb0
[   87.094596][ T6027]  ___sys_sendmsg+0x158/0x2a0
[   87.094620][ T6027]  ? __pfx____sys_sendmsg+0x10/0x10
[   87.094660][ T6027]  ? __fget_files+0x2a/0x420
[   87.094694][ T6027]  ? __fget_files+0x3a0/0x420
[   87.094744][ T6027]  __x64_sys_sendmsg+0x19b/0x260
[   87.094767][ T6027]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   87.095024][ T6027]  ? __pfx_ksys_write+0x10/0x10
[   87.095053][ T6027]  ? rcu_is_watching+0x15/0xb0
[   87.095070][ T6027]  ? rcu_is_watching+0x15/0xb0
[   87.095086][ T6027]  do_syscall_64+0xfa/0x3b0
[   87.095115][ T6027]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.095130][ T6027]  ? clear_bhb_loop+0x60/0xb0
[   87.095148][ T6027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.095169][ T6027] RIP: 0033:0x7fe2d0f8ebe9
[   87.095203][ T6027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.095434][ T6027] RSP: 002b:00007fe2cf1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   87.095455][ T6027] RAX: ffffffffffffffda RBX: 00007fe2d11b5fa0 RCX: 00007fe2d0f8ebe9
[   87.095467][ T6027] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[   87.095477][ T6027] RBP: 00007fe2cf1f6090 R08: 0000000000000000 R09: 0000000000000000
[   87.095487][ T6027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   87.095496][ T6027] R13: 00007fe2d11b6038 R14: 00007fe2d11b5fa0 R15: 00007fe2d12dfa28
[   87.095514][ T6027]  </TASK>
[   87.588344][ T5860] Bluetooth: hci0: command tx timeout
[   87.588441][   T51] Bluetooth: hci1: command tx timeout
[   87.594036][ T5860] Bluetooth: hci3: command tx timeout
[   87.600043][   T51] Bluetooth: hci2: command tx timeout
[   87.606646][   T43] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[   87.612253][   T51] Bluetooth: hci4: command tx timeout
[   87.668837][   T43] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[   87.683390][ T5911] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   87.697000][ T5911] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[   87.721912][   T43] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[   87.773879][   T43] usb 2-1: Product: syz
[   87.773881][ T5911] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[   87.794314][   T43] usb 2-1: Manufacturer: syz
[   87.795027][ T5911] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   87.799143][   T43] usb 2-1: SerialNumber: syz
[   87.813088][ T5911] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   87.861717][ T5911] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[   87.929848][   T43] usb 2-1: config 0 descriptor??
[   88.027553][ T6001] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   88.097618][ T5911] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -12
[   88.963052][ T6044] FAULT_INJECTION: forcing a failure.
[   88.963052][ T6044] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   89.111230][ T6044] CPU: 1 UID: 0 PID: 6044 Comm: syz.3.28 Not tainted syzkaller #0 PREEMPT(full) 
[   89.111261][ T6044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   89.111274][ T6044] Call Trace:
[   89.111282][ T6044]  <TASK>
[   89.111291][ T6044]  dump_stack_lvl+0x189/0x250
[   89.111321][ T6044]  ? __pfx____ratelimit+0x10/0x10
[   89.111349][ T6044]  ? __pfx_dump_stack_lvl+0x10/0x10
[   89.111390][ T6044]  ? __pfx__printk+0x10/0x10
[   89.111417][ T6044]  ? __might_fault+0xb0/0x130
[   89.111449][ T6044]  ? rcu_is_watching+0x15/0xb0
[   89.111471][ T6044]  should_fail_ex+0x414/0x560
[   89.111502][ T6044]  _copy_from_user+0x2d/0xb0
[   89.111531][ T6044]  __sys_sendto+0x25c/0x520
[   89.111565][ T6044]  ? __pfx___sys_sendto+0x10/0x10
[   89.111596][ T6044]  ? __mutex_unlock_slowpath+0x1a1/0x740
[   89.111634][ T6044]  ? __fget_files+0x3a0/0x420
[   89.111672][ T6044]  ? ksys_write+0x22a/0x250
[   89.111700][ T6044]  ? __pfx_ksys_write+0x10/0x10
[   89.111729][ T6044]  __x64_sys_sendto+0xde/0x100
[   89.111764][ T6044]  do_syscall_64+0xfa/0x3b0
[   89.111871][ T6044]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.111892][ T6044]  ? clear_bhb_loop+0x60/0xb0
[   89.111916][ T6044]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.111937][ T6044] RIP: 0033:0x7f608558ebe9
[   89.111954][ T6044] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   89.111972][ T6044] RSP: 002b:00007f60837f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   89.111993][ T6044] RAX: ffffffffffffffda RBX: 00007f60857b5fa0 RCX: 00007f608558ebe9
[   89.112009][ T6044] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000003
[   89.112023][ T6044] RBP: 00007f60837f6090 R08: 00002000000000c0 R09: 000000000000001c
[   89.112036][ T6044] R10: 0000000004000050 R11: 0000000000000246 R12: 0000000000000001
[   89.112049][ T6044] R13: 00007f60857b6038 R14: 00007f60857b5fa0 R15: 00007f60858dfa28
[   89.112073][ T6044]  </TASK>
[   89.638771][ T6054] VFS: Mount too revealing
[   89.643319][ T5920] usb 1-1: USB disconnect, device number 3
[   89.664896][ T6054] netlink: 12 bytes leftover after parsing attributes in process `syz.4.32'.
[   89.691057][ T6054] netlink: 12 bytes leftover after parsing attributes in process `syz.4.32'.
[   89.728989][ T6054] fuse: Bad value for 'fd'
[   90.017385][ T6063] capability: warning: `syz.2.34' uses deprecated v2 capabilities in a way that may be insecure
[   90.031980][ T5920] usb 2-1: USB disconnect, device number 2
[   90.672194][ T5920] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[   90.727429][ T6079] FAULT_INJECTION: forcing a failure.
[   90.727429][ T6079] name failslab, interval 1, probability 0, space 0, times 0
[   90.804222][ T5920] usb 5-1: device descriptor read/64, error -71
[   90.813224][ T6079] CPU: 0 UID: 0 PID: 6079 Comm: syz.3.42 Not tainted syzkaller #0 PREEMPT(full) 
[   90.813248][ T6079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   90.813258][ T6079] Call Trace:
[   90.813264][ T6079]  <TASK>
[   90.813271][ T6079]  dump_stack_lvl+0x189/0x250
[   90.813294][ T6079]  ? __pfx____ratelimit+0x10/0x10
[   90.813317][ T6079]  ? __pfx_dump_stack_lvl+0x10/0x10
[   90.813335][ T6079]  ? __pfx__printk+0x10/0x10
[   90.813358][ T6079]  ? __pfx___might_resched+0x10/0x10
[   90.813373][ T6079]  ? lock_acquire+0x5f/0x360
[   90.813397][ T6079]  should_fail_ex+0x414/0x560
[   90.813419][ T6079]  should_failslab+0xa8/0x100
[   90.813443][ T6079]  __kmalloc_noprof+0xcb/0x4f0
[   90.813464][ T6079]  ? kfree+0x4d/0x440
[   90.813481][ T6079]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[   90.813499][ T6079]  tomoyo_realpath_from_path+0xe3/0x5d0
[   90.813515][ T6079]  ? tomoyo_domain+0xd9/0x130
[   90.813532][ T6079]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[   90.813553][ T6079]  tomoyo_path_number_perm+0x1e8/0x5a0
[   90.813574][ T6079]  ? lock_release+0x4b/0x3e0
[   90.813596][ T6079]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   90.813618][ T6079]  ? rcu_is_watching+0x15/0xb0
[   90.813634][ T6079]  ? lock_release+0x4b/0x3e0
[   90.813655][ T6079]  ? vfs_write+0x956/0xb30
[   90.813676][ T6079]  ? __mutex_unlock_slowpath+0x1a1/0x740
[   90.813705][ T6079]  ? lock_release+0x4b/0x3e0
[   90.813729][ T6079]  ? __fget_files+0x2a/0x420
[   90.813754][ T6079]  ? __fget_files+0x3a0/0x420
[   90.813777][ T6079]  ? __fget_files+0x2a/0x420
[   90.813802][ T6079]  security_file_ioctl+0xcb/0x2d0
[   90.813823][ T6079]  __se_sys_ioctl+0x47/0x170
[   90.813843][ T6079]  do_syscall_64+0xfa/0x3b0
[   90.813866][ T6079]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.813882][ T6079]  ? clear_bhb_loop+0x60/0xb0
[   90.813899][ T6079]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.813914][ T6079] RIP: 0033:0x7f608558ebe9
[   90.813928][ T6079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   90.813941][ T6079] RSP: 002b:00007f60837f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   90.813958][ T6079] RAX: ffffffffffffffda RBX: 00007f60857b5fa0 RCX: 00007f608558ebe9
[   90.813969][ T6079] RDX: 0000000000000000 RSI: 0000000000008902 RDI: 0000000000000003
[   90.813979][ T6079] RBP: 00007f60837f6090 R08: 0000000000000000 R09: 0000000000000000
[   90.813996][ T6079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   90.814005][ T6079] R13: 00007f60857b6038 R14: 00007f60857b5fa0 R15: 00007f60858dfa28
[   90.814023][ T6079]  </TASK>
[   91.121799][ T6079] ERROR: Out of memory at tomoyo_realpath_from_path.
[   91.214446][ T5920] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[   91.454750][ T5920] usb 5-1: device descriptor read/64, error -71
[   91.590371][ T5920] usb usb5-port1: attempt power cycle
[   91.994237][ T5921] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   92.024231][ T5920] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[   92.075145][ T5920] usb 5-1: device descriptor read/8, error -71
[   92.208385][ T5921] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[   92.237401][   T43] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   92.249671][ T1218] cfg80211: failed to load regulatory.db
[   92.275048][ T5921] usb 4-1: config 0 has no interface number 0
[   92.315139][ T5920] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[   92.346076][ T5921] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[   92.368777][ T5920] usb 5-1: device descriptor read/8, error -71
[   92.384288][   T43] usb 2-1: device descriptor read/64, error -71
[   92.439509][ T5921] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.526266][ T5921] usb 4-1: config 0 descriptor??
[   92.540243][ T5920] usb usb5-port1: unable to enumerate USB device
[   92.558866][ T5921] usb 4-1: selecting invalid altsetting 1
[   92.581852][ T5921] dvb_ttusb_budget: ttusb_init_controller: error
[   92.606761][ T5921] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[   92.674354][   T43] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   92.730773][ T5921] DVB: Unable to find symbol cx22700_attach()
[   92.773220][ T1218] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   92.815121][ T5921] DVB: Unable to find symbol tda10046_attach()
[   92.821955][ T5921] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[   93.024312][   T43] usb 2-1: device descriptor read/64, error -71
[   93.224749][   T43] usb usb2-port1: attempt power cycle
[   93.338676][ T1218] usb 1-1: Using ep0 maxpacket: 32
[   93.548145][ T1218] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[   93.557019][ T1218] usb 1-1: config 0 has no interface number 0
[   93.574497][ T6110] netlink: 8 bytes leftover after parsing attributes in process `syz.2.50'.
[   93.580004][ T1218] usb 1-1: config 0 interface 184 has no altsetting 0
[   93.650954][ T6107] netlink: 60 bytes leftover after parsing attributes in process `syz.2.50'.
[   93.660931][ T6107] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   93.668894][ T6107] IPv6: NLM_F_CREATE should be set when creating new route
[   93.674809][   T43] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   93.701857][ T6114] netlink: 'syz.4.52': attribute type 4 has an invalid length.
[   93.717600][   T43] usb 2-1: device descriptor read/8, error -71
[   93.780250][ T1218] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[   93.791582][ T1218] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   93.806972][ T6114] FAULT_INJECTION: forcing a failure.
[   93.806972][ T6114] name failslab, interval 1, probability 0, space 0, times 0
[   93.824250][ T1218] usb 1-1: Product: syz
[   93.824274][ T1218] usb 1-1: Manufacturer: syz
[   93.824290][ T1218] usb 1-1: SerialNumber: syz
[   93.927003][ T6114] CPU: 1 UID: 0 PID: 6114 Comm: syz.4.52 Not tainted syzkaller #0 PREEMPT(full) 
[   93.927037][ T6114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   93.927109][ T6114] Call Trace:
[   93.927121][ T6114]  <TASK>
[   93.927130][ T6114]  dump_stack_lvl+0x189/0x250
[   93.927155][ T6114]  ? __pfx____ratelimit+0x10/0x10
[   93.927177][ T6114]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.927195][ T6114]  ? __pfx__printk+0x10/0x10
[   93.927217][ T6114]  ? tomoyo_check_open_permission+0x16a/0x3b0
[   93.927244][ T6114]  ? __pfx___might_resched+0x10/0x10
[   93.927259][ T6114]  ? lock_acquire+0x5f/0x360
[   93.927282][ T6114]  should_fail_ex+0x414/0x560
[   93.927305][ T6114]  should_failslab+0xa8/0x100
[   93.927329][ T6114]  __kmalloc_cache_noprof+0x70/0x3d0
[   93.927352][ T6114]  ? sctp_datamsg_from_user+0x88/0xef0
[   93.927372][ T6114]  ? rcu_is_watching+0x15/0xb0
[   93.927390][ T6114]  sctp_datamsg_from_user+0x88/0xef0
[   93.927410][ T6114]  ? unwind_next_frame+0xa5/0x2390
[   93.927428][ T6114]  ? rcu_is_watching+0x15/0xb0
[   93.927443][ T6114]  ? unwind_next_frame+0xa5/0x2390
[   93.927473][ T6114]  ? unwind_next_frame+0xa5/0x2390
[   93.927490][ T6114]  ? rcu_is_watching+0x15/0xb0
[   93.927505][ T6114]  ? __genradix_ptr+0x1e1/0x220
[   93.927524][ T6114]  sctp_sendmsg_to_asoc+0x1003/0x1810
[   93.927556][ T6114]  ? rcu_is_watching+0x15/0xb0
[   93.927580][ T6114]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[   93.927603][ T6114]  ? sctp_sendmsg+0xb97/0x2810
[   93.927627][ T6114]  ? __local_bh_enable_ip+0x12d/0x1c0
[   93.927644][ T6114]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   93.927661][ T6114]  ? sctp_sendmsg_check_sflags+0x18d/0x2e0
[   93.927688][ T6114]  sctp_sendmsg+0x1941/0x2810
[   93.927716][ T6114]  ? __pfx_sctp_sendmsg+0x10/0x10
[   93.927742][ T6114]  ? aa_sk_perm+0x81e/0x950
[   93.927766][ T6114]  ? __pfx_aa_sk_perm+0x10/0x10
[   93.927790][ T6114]  ? sock_rps_record_flow+0x19/0x410
[   93.927811][ T6114]  ? inet_sendmsg+0x2f4/0x370
[   93.927829][ T6114]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   93.927847][ T6114]  __sock_sendmsg+0x19c/0x270
[   93.927870][ T6114]  __sys_sendto+0x3bd/0x520
[   93.927895][ T6114]  ? __pfx___sys_sendto+0x10/0x10
[   93.927918][ T6114]  ? __mutex_unlock_slowpath+0x1a1/0x740
[   93.927951][ T6114]  ? __fget_files+0x3a0/0x420
[   93.927980][ T6114]  ? ksys_write+0x22a/0x250
[   93.928002][ T6114]  ? __pfx_ksys_write+0x10/0x10
[   93.928021][ T6114]  ? rcu_is_watching+0x15/0xb0
[   93.928037][ T6114]  __x64_sys_sendto+0xde/0x100
[   93.928063][ T6114]  do_syscall_64+0xfa/0x3b0
[   93.928088][ T6114]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.928103][ T6114]  ? clear_bhb_loop+0x60/0xb0
[   93.928121][ T6114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.928136][ T6114] RIP: 0033:0x7f488e78ebe9
[   93.928152][ T6114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.928166][ T6114] RSP: 002b:00007f488f52b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   93.928187][ T6114] RAX: ffffffffffffffda RBX: 00007f488e9b5fa0 RCX: 00007f488e78ebe9
[   93.928200][ T6114] RDX: 0000000000000003 RSI: 0000200000000700 RDI: 0000000000000003
[   93.928210][ T6114] RBP: 00007f488f52b090 R08: 0000000000000000 R09: 0000000000000000
[   93.928219][ T6114] R10: 0000000000004090 R11: 0000000000000246 R12: 0000000000000001
[   93.928230][ T6114] R13: 00007f488e9b6038 R14: 00007f488e9b5fa0 R15: 00007f488eadfa28
[   93.928248][ T6114]  </TASK>
[   94.323605][ T1218] usb 1-1: config 0 descriptor??
[   94.334532][ T1218] smsc75xx v1.0.0
[   94.338373][ T1218] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[   94.349082][ T1218] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -22
[   94.451378][ T1218] usb 4-1: USB disconnect, device number 3
[   94.459715][   T43] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   94.495429][   T43] usb 2-1: device descriptor read/8, error -71
[   94.614594][   T43] usb usb2-port1: unable to enumerate USB device
[   94.775221][ T6121] FAULT_INJECTION: forcing a failure.
[   94.775221][ T6121] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   94.834499][ T6103] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   94.836254][ T6122] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   94.840575][ T6103] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[   94.857103][ T6121] CPU: 0 UID: 0 PID: 6121 Comm: syz.4.55 Not tainted syzkaller #0 PREEMPT(full) 
[   94.857123][ T6121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   94.857133][ T6121] Call Trace:
[   94.857139][ T6121]  <TASK>
[   94.857145][ T6121]  dump_stack_lvl+0x189/0x250
[   94.857167][ T6121]  ? __pfx____ratelimit+0x10/0x10
[   94.857189][ T6121]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.857206][ T6121]  ? __pfx__printk+0x10/0x10
[   94.857226][ T6121]  ? __might_fault+0xb0/0x130
[   94.857251][ T6121]  ? rcu_is_watching+0x15/0xb0
[   94.857267][ T6121]  should_fail_ex+0x414/0x560
[   94.857289][ T6121]  _copy_from_user+0x2d/0xb0
[   94.857306][ T6121]  ___sys_sendmsg+0x158/0x2a0
[   94.857323][ T6121]  ? __pfx____sys_sendmsg+0x10/0x10
[   94.857350][ T6121]  ? __fget_files+0x2a/0x420
[   94.857373][ T6121]  ? __fget_files+0x3a0/0x420
[   94.857399][ T6121]  __x64_sys_sendmsg+0x19b/0x260
[   94.857415][ T6121]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   94.857434][ T6121]  ? __pfx_ksys_write+0x10/0x10
[   94.857452][ T6121]  ? rcu_is_watching+0x15/0xb0
[   94.857468][ T6121]  ? rcu_is_watching+0x15/0xb0
[   94.857483][ T6121]  do_syscall_64+0xfa/0x3b0
[   94.857505][ T6121]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.857519][ T6121]  ? clear_bhb_loop+0x60/0xb0
[   94.857536][ T6121]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.857550][ T6121] RIP: 0033:0x7f488e78ebe9
[   94.857563][ T6121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.857576][ T6121] RSP: 002b:00007f488f52b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   94.857591][ T6121] RAX: ffffffffffffffda RBX: 00007f488e9b5fa0 RCX: 00007f488e78ebe9
[   94.857603][ T6121] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003
[   94.857612][ T6121] RBP: 00007f488f52b090 R08: 0000000000000000 R09: 0000000000000000
[   94.857621][ T6121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   94.857630][ T6121] R13: 00007f488e9b6038 R14: 00007f488e9b5fa0 R15: 00007f488eadfa28
[   94.857647][ T6121]  </TASK>
[   95.102760][ T6122] batman_adv: batadv0: Removing interface: batadv_slave_0
[   95.104768][    C0] vkms_vblank_simulate: vblank timer overrun
[   95.109070][ T6102] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   95.136755][ T6119] syz.2.54 uses obsolete (PF_INET,SOCK_PACKET)
[   95.200936][ T6102] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   95.203082][ T6122] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   95.220734][ T6122] batman_adv: batadv0: Removing interface: batadv_slave_1
[   95.246408][ T6132] FAULT_INJECTION: forcing a failure.
[   95.246408][ T6132] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   95.261377][ T6132] CPU: 0 UID: 0 PID: 6132 Comm: syz.4.57 Not tainted syzkaller #0 PREEMPT(full) 
[   95.261409][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   95.261422][ T6132] Call Trace:
[   95.261430][ T6132]  <TASK>
[   95.261438][ T6132]  dump_stack_lvl+0x189/0x250
[   95.261467][ T6132]  ? __pfx____ratelimit+0x10/0x10
[   95.261492][ T6132]  ? __pfx_dump_stack_lvl+0x10/0x10
[   95.261512][ T6132]  ? __pfx__printk+0x10/0x10
[   95.261537][ T6132]  ? __might_fault+0xb0/0x130
[   95.261569][ T6132]  ? rcu_is_watching+0x15/0xb0
[   95.261590][ T6132]  should_fail_ex+0x414/0x560
[   95.261619][ T6132]  _copy_from_user+0x2d/0xb0
[   95.261643][ T6132]  ___sys_sendmsg+0x158/0x2a0
[   95.261665][ T6132]  ? __pfx____sys_sendmsg+0x10/0x10
[   95.261703][ T6132]  ? __fget_files+0x2a/0x420
[   95.261747][ T6132]  ? __fget_files+0x3a0/0x420
[   95.261784][ T6132]  __x64_sys_sendmsg+0x19b/0x260
[   95.261807][ T6132]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   95.261830][ T6132]  ? __pfx_ksys_write+0x10/0x10
[   95.261854][ T6132]  ? rcu_is_watching+0x15/0xb0
[   95.261875][ T6132]  ? rcu_is_watching+0x15/0xb0
[   95.261896][ T6132]  do_syscall_64+0xfa/0x3b0
[   95.261926][ T6132]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.261946][ T6132]  ? clear_bhb_loop+0x60/0xb0
[   95.261970][ T6132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.261991][ T6132] RIP: 0033:0x7f488e78ebe9
[   95.262010][ T6132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.262028][ T6132] RSP: 002b:00007f488f52b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   95.262050][ T6132] RAX: ffffffffffffffda RBX: 00007f488e9b5fa0 RCX: 00007f488e78ebe9
[   95.262066][ T6132] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003
[   95.262080][ T6132] RBP: 00007f488f52b090 R08: 0000000000000000 R09: 0000000000000000
[   95.262092][ T6132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   95.262103][ T6132] R13: 00007f488e9b6038 R14: 00007f488e9b5fa0 R15: 00007f488eadfa28
[   95.262124][ T6132]  </TASK>
[   95.268760][ T6103] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   95.511159][ T6103] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[   95.583568][ T6103] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   95.607447][ T6103] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[   95.651341][ T6103] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[   95.658179][ T6103] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[   95.848317][ T6103] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   95.865250][ T6103] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[   97.014822][ T5989] usb 1-1: USB disconnect, device number 4
[   97.274446][ T5911] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   97.474773][ T5911] usb 5-1: device descriptor read/64, error -71
[   97.494908][ T1218] IPVS: starting estimator thread 0...
[   97.604345][ T6177] IPVS: using max 49 ests per chain, 117600 per kthread
[   97.786051][ T5911] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   97.945151][ T5911] usb 5-1: device descriptor read/64, error -71
[   98.054516][ T5911] usb usb5-port1: attempt power cycle
[   98.144281][ T5989] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   98.315961][ T5989] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 245, setting to 64
[   98.335990][ T5989] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[   98.404513][ T5911] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[   98.419353][ T5989] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.442266][ T5989] usb 4-1: config 0 descriptor??
[   98.458074][ T5911] usb 5-1: device descriptor read/8, error -71
[   98.744061][ T5989] ath6kl: Failed to submit usb control message: -71
[   98.816786][ T5911] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[   98.911729][ T5911] usb 5-1: device descriptor read/8, error -71
[   98.965102][ T1218] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   98.973221][ T5989] ath6kl: unable to send the bmi data to the device: -71
[   99.002152][ T5989] ath6kl: Unable to send get target info: -71
[   99.024634][ T5989] ath6kl: Failed to init ath6kl core: -71
[   99.074216][ T5989] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[   99.105591][ T5911] usb usb5-port1: unable to enumerate USB device
[   99.180527][ T1218] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[   99.193935][ T1218] usb 3-1: config 0 has no interface number 0
[   99.235700][ T5989] usb 4-1: USB disconnect, device number 4
[   99.269891][ T1218] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[   99.329989][ T1218] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.365896][ T1218] usb 3-1: config 0 descriptor??
[   99.410350][ T1218] usb 3-1: selecting invalid altsetting 1
[   99.431353][ T1218] dvb_ttusb_budget: ttusb_init_controller: error
[   99.502420][ T1218] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  100.669006][ T1218] DVB: Unable to find symbol cx22700_attach()
[  100.760511][ T1218] DVB: Unable to find symbol tda10046_attach()
[  100.789216][ T1218] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  100.922873][   T30] audit: type=1326 audit(1755828871.642:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6217 comm="syz.0.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f383558ebe9 code=0x7ffc0000
[  101.013108][   T30] audit: type=1326 audit(1755828871.642:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6217 comm="syz.0.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7f383558ebe9 code=0x7ffc0000
[  101.268757][   T30] audit: type=1326 audit(1755828871.642:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6217 comm="syz.0.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f383558ebe9 code=0x7ffc0000
[  101.439599][   T30] audit: type=1326 audit(1755828871.642:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6217 comm="syz.0.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f383558ebe9 code=0x7ffc0000
[  101.601790][   T30] audit: type=1326 audit(1755828871.642:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6217 comm="syz.0.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7f383558ebe9 code=0x7ffc0000
[  101.804491][ T5989] usb 3-1: USB disconnect, device number 2
[  101.835958][   T30] audit: type=1326 audit(1755828871.642:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6217 comm="syz.0.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f383558ebe9 code=0x7ffc0000
[  102.103584][   T30] audit: type=1326 audit(1755828871.642:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6217 comm="syz.0.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f383558ebe9 code=0x7ffc0000
[  102.814322][ T5921] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  102.997011][ T5921] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  103.029561][ T5921] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  103.088229][ T5921] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  103.120519][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  103.252397][ T5921] usb 3-1: SerialNumber: syz
[  103.508055][ T5921] usb 3-1: 0:2 : does not exist
[  103.578891][ T5921] usb 3-1: USB disconnect, device number 3
[  103.661012][ T5862] udevd[5862]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  104.117882][ T5911] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  104.264316][ T5949] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  104.298000][ T5911] usb 2-1: Using ep0 maxpacket: 32
[  104.320334][ T5911] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  104.350355][ T5911] usb 2-1: config 0 has no interface number 0
[  104.387415][ T5911] usb 2-1: config 0 interface 184 has no altsetting 0
[  104.423504][ T5911] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  104.435590][ T5949] usb 4-1: Using ep0 maxpacket: 32
[  104.442842][ T5911] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.452778][ T5949] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  104.461668][ T5949] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  104.473448][ T5911] usb 2-1: Product: syz
[  104.483277][ T5949] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  104.497398][ T5911] usb 2-1: Manufacturer: syz
[  104.502784][ T5911] usb 2-1: SerialNumber: syz
[  104.508417][ T5949] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  104.523673][ T5949] usb 4-1: config 0 interface 0 has no altsetting 0
[  104.532425][ T5911] usb 2-1: config 0 descriptor??
[  104.547583][ T5911] smsc75xx v1.0.0
[  104.553376][ T5911] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  104.594715][ T5911] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -22
[  104.625656][ T5949] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  104.657643][ T5949] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  104.701999][ T5949] usb 4-1: Product: syz
[  104.712868][ T6272] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  104.732207][ T5949] usb 4-1: Manufacturer: syz
[  104.745721][ T5949] usb 4-1: SerialNumber: syz
[  104.787201][ T6261] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  104.795984][ T6261] batman_adv: batadv0: Removing interface: batadv_slave_0
[  104.811675][ T6261] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  104.848285][ T6261] batman_adv: batadv0: Removing interface: batadv_slave_1
[  104.862997][ T5949] usb 4-1: config 0 descriptor??
[  104.872411][ T5949] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  104.887784][ T6275] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  104.903197][ T5949] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  104.913605][ T6275] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  104.926751][ T6273] netlink: 428 bytes leftover after parsing attributes in process `syz.0.100'.
[  105.090367][ T5911] usb 4-1: USB disconnect, device number 5
[  105.108461][ T5911] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  105.171499][ T6278] netlink: 8 bytes leftover after parsing attributes in process `syz.0.101'.
[  105.192139][ T6278] netlink: 40 bytes leftover after parsing attributes in process `syz.0.101'.
[  105.430557][ T6286] netlink: 'syz.0.103': attribute type 29 has an invalid length.
[  105.909287][ T6294] process 'syz.3.107' launched '/dev/fd/4' with NULL argv: empty string added
[  105.919206][ T5921] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  105.944381][ T1218] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  106.076061][ T5921] usb 3-1: Using ep0 maxpacket: 32
[  106.095230][ T5921] usb 3-1: config 0 has an invalid interface number: 89 but max is 0
[  106.104384][ T1218] usb 1-1: Using ep0 maxpacket: 32
[  106.112289][ T1218] usb 1-1: config 0 has an invalid interface number: 89 but max is 0
[  106.121444][ T1218] usb 1-1: config 0 has no interface number 0
[  106.133371][ T5921] usb 3-1: config 0 has no interface number 0
[  106.146140][ T1218] usb 1-1: config 0 interface 89 has no altsetting 0
[  106.155359][ T5921] usb 3-1: config 0 interface 89 has no altsetting 0
[  106.169565][ T1218] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  106.188349][ T1218] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.199836][ T1218] usb 1-1: Product: syz
[  106.205563][ T1218] usb 1-1: Manufacturer: syz
[  106.211531][ T1218] usb 1-1: SerialNumber: syz
[  106.221240][ T5921] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  106.233575][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.242991][ T5921] usb 3-1: Product: syz
[  106.252124][ T1218] usb 1-1: config 0 descriptor??
[  106.259665][ T5921] usb 3-1: Manufacturer: syz
[  106.267482][ T5921] usb 3-1: SerialNumber: syz
[  106.279439][ T1218] em28xx 1-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  106.296784][ T5921] usb 3-1: config 0 descriptor??
[  106.303811][ T1218] em28xx 1-1:0.89: Video interface 89 found: bulk
[  106.317086][ T5921] em28xx 3-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  106.330745][ T5921] em28xx 3-1:0.89: Video interface 89 found: bulk
[  106.353479][ T6298] FAULT_INJECTION: forcing a failure.
[  106.353479][ T6298] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  106.399260][ T6298] CPU: 0 UID: 0 PID: 6298 Comm: syz.4.109 Not tainted syzkaller #0 PREEMPT(full) 
[  106.399292][ T6298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  106.399305][ T6298] Call Trace:
[  106.399313][ T6298]  <TASK>
[  106.399321][ T6298]  dump_stack_lvl+0x189/0x250
[  106.399351][ T6298]  ? __pfx____ratelimit+0x10/0x10
[  106.399381][ T6298]  ? __pfx_dump_stack_lvl+0x10/0x10
[  106.399406][ T6298]  ? __pfx__printk+0x10/0x10
[  106.399434][ T6298]  ? __might_fault+0xb0/0x130
[  106.399466][ T6298]  ? rcu_is_watching+0x15/0xb0
[  106.399488][ T6298]  should_fail_ex+0x414/0x560
[  106.399518][ T6298]  _copy_from_user+0x2d/0xb0
[  106.399543][ T6298]  ___sys_sendmsg+0x158/0x2a0
[  106.399566][ T6298]  ? __pfx____sys_sendmsg+0x10/0x10
[  106.399601][ T6298]  ? __fget_files+0x2a/0x420
[  106.399632][ T6298]  ? __fget_files+0x3a0/0x420
[  106.399668][ T6298]  __x64_sys_sendmsg+0x19b/0x260
[  106.399691][ T6298]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  106.399716][ T6298]  ? __pfx_ksys_write+0x10/0x10
[  106.399745][ T6298]  ? rcu_is_watching+0x15/0xb0
[  106.399765][ T6298]  do_syscall_64+0xfa/0x3b0
[  106.399807][ T6298]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.399828][ T6298]  ? clear_bhb_loop+0x60/0xb0
[  106.399851][ T6298]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.399872][ T6298] RIP: 0033:0x7f488e78ebe9
[  106.399890][ T6298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.399908][ T6298] RSP: 002b:00007f488f52b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  106.399930][ T6298] RAX: ffffffffffffffda RBX: 00007f488e9b5fa0 RCX: 00007f488e78ebe9
[  106.399947][ T6298] RDX: 00000000000c0800 RSI: 0000200000000080 RDI: 0000000000000004
[  106.399961][ T6298] RBP: 00007f488f52b090 R08: 0000000000000000 R09: 0000000000000000
[  106.399973][ T6298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  106.399985][ T6298] R13: 00007f488e9b6038 R14: 00007f488e9b5fa0 R15: 00007f488eadfa28
[  106.400006][ T6298]  </TASK>
[  106.917292][ T5921] em28xx 3-1:0.89: unknown em28xx chip ID (0)
[  107.032938][ T5950] usb 2-1: USB disconnect, device number 7
[  107.067764][ T1218] em28xx 1-1:0.89: unknown em28xx chip ID (0)
[  107.291244][   T30] audit: type=1326 audit(1755828878.012:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6290 comm="syz.0.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f383558ebe9 code=0x7ffc0000
[  107.409747][   T30] audit: type=1326 audit(1755828878.052:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6290 comm="syz.0.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f383558ebe9 code=0x7ffc0000
[  107.474399][ T6329] FAULT_INJECTION: forcing a failure.
[  107.474399][ T6329] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  107.474680][ T5921] em28xx 3-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  107.524824][   T30] audit: type=1326 audit(1755828878.052:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6290 comm="syz.0.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f383558ebe9 code=0x7ffc0000
[  107.531145][ T6329] CPU: 0 UID: 0 PID: 6329 Comm: syz.1.119 Not tainted syzkaller #0 PREEMPT(full) 
[  107.531184][ T6329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  107.531200][ T6329] Call Trace:
[  107.531216][ T6329]  <TASK>
[  107.531226][ T6329]  dump_stack_lvl+0x189/0x250
[  107.531279][ T6329]  ? __pfx____ratelimit+0x10/0x10
[  107.531321][ T6329]  ? __pfx_dump_stack_lvl+0x10/0x10
[  107.531354][ T6329]  ? __pfx__printk+0x10/0x10
[  107.531392][ T6329]  ? rcu_is_watching+0x15/0xb0
[  107.531417][ T6329]  should_fail_ex+0x414/0x560
[  107.531455][ T6329]  _copy_to_user+0x31/0xb0
[  107.531486][ T6329]  simple_read_from_buffer+0xe1/0x170
[  107.531526][ T6329]  proc_fail_nth_read+0x1b3/0x220
[  107.531557][ T6329]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  107.531586][ T6329]  ? rw_verify_area+0x2a6/0x4d0
[  107.531616][ T6329]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  107.531642][ T6329]  vfs_read+0x1fd/0xa30
[  107.531671][ T6329]  ? fdget_pos+0x247/0x320
[  107.531693][ T6329]  ? __pfx___mutex_lock+0x10/0x10
[  107.531728][ T6329]  ? __pfx_vfs_read+0x10/0x10
[  107.531764][ T6329]  ? __fget_files+0x3a0/0x420
[  107.531799][ T6329]  ? __fget_files+0x2a/0x420
[  107.531841][ T6329]  ksys_read+0x145/0x250
[  107.531871][ T6329]  ? __fget_files+0x3a0/0x420
[  107.531905][ T6329]  ? __pfx_ksys_read+0x10/0x10
[  107.531947][ T6329]  ? rcu_is_watching+0x15/0xb0
[  107.531973][ T6329]  do_syscall_64+0xfa/0x3b0
[  107.532011][ T6329]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.532034][ T6329]  ? clear_bhb_loop+0x60/0xb0
[  107.532061][ T6329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.532086][ T6329] RIP: 0033:0x7f230258d5fc
[  107.532107][ T6329] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  107.532128][ T6329] RSP: 002b:00007f2303388030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  107.532159][ T6329] RAX: ffffffffffffffda RBX: 00007f23027b6090 RCX: 00007f230258d5fc
[  107.532187][ T6329] RDX: 000000000000000f RSI: 00007f23033880a0 RDI: 0000000000000005
[  107.532203][ T6329] RBP: 00007f2303388090 R08: 0000000000000000 R09: 0000000000000000
[  107.532217][ T6329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  107.532233][ T6329] R13: 00007f23027b6128 R14: 00007f23027b6090 R15: 00007f23028dfa28
[  107.532260][ T6329]  </TASK>
[  107.792779][ T5921] em28xx 3-1:0.89: board has no eeprom
[  107.800643][   T30] audit: type=1326 audit(1755828878.052:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6290 comm="syz.0.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f383558ebe9 code=0x7ffc0000
[  107.832106][   T30] audit: type=1326 audit(1755828878.052:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6290 comm="syz.0.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f383558ebe9 code=0x7ffc0000
[  107.844314][ T1218] em28xx 1-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  107.866343][   T30] audit: type=1326 audit(1755828878.052:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6290 comm="syz.0.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f383558ebe9 code=0x7ffc0000
[  107.874288][ T1218] em28xx 1-1:0.89: board has no eeprom
[  107.890465][   T30] audit: type=1326 audit(1755828878.052:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6290 comm="syz.0.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f383558ebe9 code=0x7ffc0000
[  107.918349][   T30] audit: type=1326 audit(1755828878.052:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6290 comm="syz.0.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f383558ebe9 code=0x7ffc0000
[  107.941839][   T30] audit: type=1326 audit(1755828878.052:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6290 comm="syz.0.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f383558ebe9 code=0x7ffc0000
[  107.965915][   T30] audit: type=1326 audit(1755828878.052:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6290 comm="syz.0.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=52 compat=0 ip=0x7f383558ebe9 code=0x7ffc0000
[  107.988126][ T5921] em28xx 3-1:0.89: Identified as Terratec Grabby (card=67)
[  107.995616][ T1218] em28xx 1-1:0.89: Identified as Terratec Grabby (card=67)
[  108.002954][ T1218] em28xx 1-1:0.89: analog set to bulk mode.
[  108.009352][ T5921] em28xx 3-1:0.89: analog set to bulk mode.
[  108.017648][ T5950] em28xx 3-1:0.89: Registering V4L2 extension
[  108.034363][ T5921] usb 3-1: USB disconnect, device number 4
[  108.068207][ T5921] em28xx 3-1:0.89: Disconnecting em28xx
[  108.080669][ T1218] usb 1-1: USB disconnect, device number 5
[  108.087783][ T1218] em28xx 1-1:0.89: Disconnecting em28xx
[  108.107124][ T5950] em28xx 3-1:0.89: Config register raw data: 0xffffffed
[  108.114611][ T5950] em28xx 3-1:0.89: AC97 chip type couldn't be determined
[  108.122692][ T5950] em28xx 3-1:0.89: No AC97 audio processor
[  108.155343][ T5950] usb 3-1: Decoder not found
[  108.160347][ T5950] em28xx 3-1:0.89: failed to create media graph
[  108.181699][ T5950] em28xx 3-1:0.89: V4L2 device video103 deregistered
[  108.222326][ T5950] em28xx 3-1:0.89: Registering snapshot button...
[  108.232422][ T5950] input: em28xx snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.89/input/input6
[  108.260337][ T5950] em28xx 3-1:0.89: Remote control support is not available for this card.
[  108.290487][ T5920] em28xx 1-1:0.89: Registering V4L2 extension
[  108.605596][ T5920] em28xx 1-1:0.89: Config register raw data: 0xffffffed
[  108.612983][ T5920] em28xx 1-1:0.89: AC97 chip type couldn't be determined
[  108.640413][ T5920] em28xx 1-1:0.89: No AC97 audio processor
[  108.764337][ T5920] usb 1-1: Decoder not found
[  108.854286][ T5920] em28xx 1-1:0.89: failed to create media graph
[  108.860714][ T5920] em28xx 1-1:0.89: V4L2 device video103 deregistered
[  108.974704][ T5920] em28xx 1-1:0.89: Registering snapshot button...
[  108.984039][ T5920] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.89/input/input7
[  109.096373][ T5920] em28xx 1-1:0.89: Remote control support is not available for this card.
[  109.174280][ T5921] em28xx 3-1:0.89: Closing input extension
[  109.180378][ T5921] em28xx 3-1:0.89: Deregistering snapshot button
[  109.340332][ T1218] em28xx 1-1:0.89: Closing input extension
[  109.351868][ T1218] em28xx 1-1:0.89: Deregistering snapshot button
[  109.376279][ T5921] em28xx 3-1:0.89: Freeing device
[  109.549649][ T1218] em28xx 1-1:0.89: Freeing device
[  109.799314][ T6360] FAULT_INJECTION: forcing a failure.
[  109.799314][ T6360] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  109.839142][ T6360] CPU: 1 UID: 0 PID: 6360 Comm: syz.4.128 Not tainted syzkaller #0 PREEMPT(full) 
[  109.839174][ T6360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  109.839188][ T6360] Call Trace:
[  109.839196][ T6360]  <TASK>
[  109.839205][ T6360]  dump_stack_lvl+0x189/0x250
[  109.839236][ T6360]  ? __pfx____ratelimit+0x10/0x10
[  109.839266][ T6360]  ? __pfx_dump_stack_lvl+0x10/0x10
[  109.839291][ T6360]  ? __pfx__printk+0x10/0x10
[  109.839319][ T6360]  ? __might_fault+0xb0/0x130
[  109.839352][ T6360]  ? rcu_is_watching+0x15/0xb0
[  109.839375][ T6360]  should_fail_ex+0x414/0x560
[  109.839404][ T6360]  _copy_from_user+0x2d/0xb0
[  109.839429][ T6360]  ___sys_sendmsg+0x158/0x2a0
[  109.839452][ T6360]  ? __pfx____sys_sendmsg+0x10/0x10
[  109.839491][ T6360]  ? __fget_files+0x2a/0x420
[  109.839523][ T6360]  ? __fget_files+0x3a0/0x420
[  109.839560][ T6360]  __x64_sys_sendmsg+0x19b/0x260
[  109.839583][ T6360]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  109.839609][ T6360]  ? __pfx_ksys_write+0x10/0x10
[  109.839636][ T6360]  ? rcu_is_watching+0x15/0xb0
[  109.839658][ T6360]  ? rcu_is_watching+0x15/0xb0
[  109.839679][ T6360]  do_syscall_64+0xfa/0x3b0
[  109.839711][ T6360]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.839732][ T6360]  ? clear_bhb_loop+0x60/0xb0
[  109.839756][ T6360]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.839783][ T6360] RIP: 0033:0x7f488e78ebe9
[  109.839802][ T6360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  109.839820][ T6360] RSP: 002b:00007f488f52b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  109.839844][ T6360] RAX: ffffffffffffffda RBX: 00007f488e9b5fa0 RCX: 00007f488e78ebe9
[  109.839860][ T6360] RDX: 0000000000000080 RSI: 0000200000000800 RDI: 0000000000000003
[  109.839874][ T6360] RBP: 00007f488f52b090 R08: 0000000000000000 R09: 0000000000000000
[  109.839887][ T6360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  109.839899][ T6360] R13: 00007f488e9b6038 R14: 00007f488e9b5fa0 R15: 00007f488eadfa28
[  109.839922][ T6360]  </TASK>
[  110.264776][ T6365] FAULT_INJECTION: forcing a failure.
[  110.264776][ T6365] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  110.349069][ T6365] CPU: 0 UID: 0 PID: 6365 Comm: syz.4.129 Not tainted syzkaller #0 PREEMPT(full) 
[  110.349101][ T6365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  110.349115][ T6365] Call Trace:
[  110.349123][ T6365]  <TASK>
[  110.349133][ T6365]  dump_stack_lvl+0x189/0x250
[  110.349164][ T6365]  ? __pfx____ratelimit+0x10/0x10
[  110.349196][ T6365]  ? __pfx_dump_stack_lvl+0x10/0x10
[  110.349222][ T6365]  ? __pfx__printk+0x10/0x10
[  110.349251][ T6365]  ? __might_fault+0xb0/0x130
[  110.349283][ T6365]  ? __up_read+0x280/0x680
[  110.349308][ T6365]  ? rcu_is_watching+0x15/0xb0
[  110.349332][ T6365]  should_fail_ex+0x414/0x560
[  110.349362][ T6365]  _copy_from_user+0x2d/0xb0
[  110.349387][ T6365]  io_submit_one+0xc2/0x1310
[  110.349412][ T6365]  ? rcu_is_watching+0x15/0xb0
[  110.349445][ T6365]  ? __pfx_io_submit_one+0x10/0x10
[  110.349466][ T6365]  ? __might_fault+0xb0/0x130
[  110.349494][ T6365]  ? rcu_is_watching+0x15/0xb0
[  110.349515][ T6365]  ? lock_acquire+0x5f/0x360
[  110.349550][ T6365]  ? lock_release+0x4b/0x3e0
[  110.349582][ T6365]  ? __might_fault+0xcc/0x130
[  110.349613][ T6365]  __se_sys_io_submit+0x185/0x2f0
[  110.349648][ T6365]  ? __pfx___se_sys_io_submit+0x10/0x10
[  110.349684][ T6365]  ? ksys_write+0x22a/0x250
[  110.349712][ T6365]  ? rcu_is_watching+0x15/0xb0
[  110.349732][ T6365]  do_syscall_64+0xfa/0x3b0
[  110.349764][ T6365]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.349785][ T6365]  ? clear_bhb_loop+0x60/0xb0
[  110.349810][ T6365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.349832][ T6365] RIP: 0033:0x7f488e78ebe9
[  110.349851][ T6365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  110.349870][ T6365] RSP: 002b:00007f488f52b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  110.349894][ T6365] RAX: ffffffffffffffda RBX: 00007f488e9b5fa0 RCX: 00007f488e78ebe9
[  110.349910][ T6365] RDX: 0000200000000580 RSI: 0000000000000001 RDI: 00007f488f509000
[  110.349925][ T6365] RBP: 00007f488f52b090 R08: 0000000000000000 R09: 0000000000000000
[  110.349939][ T6365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  110.349952][ T6365] R13: 00007f488e9b6038 R14: 00007f488e9b5fa0 R15: 00007f488eadfa28
[  110.349976][ T6365]  </TASK>
[  110.585209][    C0] vkms_vblank_simulate: vblank timer overrun
[  112.597373][ T5949] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  112.776860][ T5949] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  112.806613][ T5949] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  112.843043][ T5949] usb 4-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  112.912067][ T5949] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.977520][ T5949] usb 4-1: config 0 descriptor??
[  113.269521][   T30] kauditd_printk_skb: 16 callbacks suppressed
[  113.269543][   T30] audit: type=1326 audit(1755828883.992:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.3.134" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f608558ebe9 code=0x0
[  113.438132][ T6409] VFS: Mount too revealing
[  113.447247][ T6409] netlink: 12 bytes leftover after parsing attributes in process `syz.1.139'.
[  113.464334][ T6409] netlink: 12 bytes leftover after parsing attributes in process `syz.1.139'.
[  113.497622][ T6409] fuse: Bad value for 'fd'
[  114.055093][ T6416] FAULT_INJECTION: forcing a failure.
[  114.055093][ T6416] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  114.097002][ T6416] CPU: 0 UID: 0 PID: 6416 Comm: syz.0.140 Not tainted syzkaller #0 PREEMPT(full) 
[  114.097026][ T6416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  114.097035][ T6416] Call Trace:
[  114.097041][ T6416]  <TASK>
[  114.097051][ T6416]  dump_stack_lvl+0x189/0x250
[  114.097074][ T6416]  ? __pfx____ratelimit+0x10/0x10
[  114.097096][ T6416]  ? __pfx_dump_stack_lvl+0x10/0x10
[  114.097113][ T6416]  ? __pfx__printk+0x10/0x10
[  114.097133][ T6416]  ? __might_fault+0xb0/0x130
[  114.097157][ T6416]  ? rcu_is_watching+0x15/0xb0
[  114.097173][ T6416]  should_fail_ex+0x414/0x560
[  114.097195][ T6416]  _copy_from_user+0x2d/0xb0
[  114.097212][ T6416]  ___sys_sendmsg+0x158/0x2a0
[  114.097229][ T6416]  ? __pfx____sys_sendmsg+0x10/0x10
[  114.097242][ T6416]  ? ktime_get+0x3e/0x1f0
[  114.097262][ T6416]  ? ktime_get+0x3e/0x1f0
[  114.097288][ T6416]  ? __fget_files+0x2a/0x420
[  114.097311][ T6416]  ? __fget_files+0x3a0/0x420
[  114.097337][ T6416]  __x64_sys_sendmsg+0x19b/0x260
[  114.097353][ T6416]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  114.097374][ T6416]  ? rcu_is_watching+0x15/0xb0
[  114.097390][ T6416]  do_syscall_64+0xfa/0x3b0
[  114.097412][ T6416]  ? rcu_is_watching+0x15/0xb0
[  114.097425][ T6416]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.097440][ T6416]  ? clear_bhb_loop+0x60/0xb0
[  114.097457][ T6416]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.097472][ T6416] RIP: 0033:0x7f383558ebe9
[  114.097485][ T6416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  114.097498][ T6416] RSP: 002b:00007f38337f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  114.097522][ T6416] RAX: ffffffffffffffda RBX: 00007f38357b5fa0 RCX: 00007f383558ebe9
[  114.097533][ T6416] RDX: 0000000000004804 RSI: 0000200000000300 RDI: 0000000000000003
[  114.097543][ T6416] RBP: 00007f38337f6090 R08: 0000000000000000 R09: 0000000000000000
[  114.097552][ T6416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  114.097561][ T6416] R13: 00007f38357b6038 R14: 00007f38357b5fa0 R15: 00007f38358dfa28
[  114.097577][ T6416]  </TASK>
[  114.474378][ T5911] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  114.648973][ T5911] usb 2-1: Using ep0 maxpacket: 16
[  114.661979][ T5911] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  114.704680][ T5911] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  114.734208][ T5911] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  114.786157][ T5911] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  114.809424][ T5911] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.821143][ T5911] usb 2-1: config 0 descriptor??
[  114.940261][ T5947] hid (null): global environment stack underflow
[  114.952097][ T5947] hid (null): global environment stack underflow
[  114.966953][ T5947] hid-generic 0002:0001:0003.0001: global environment stack underflow
[  114.977318][ T5947] hid-generic 0002:0001:0003.0001: item 0 1 1 11 parsing failed
[  114.989977][ T5947] hid-generic 0002:0001:0003.0001: probe with driver hid-generic failed with error -22
[  115.169868][ T6433] FAULT_INJECTION: forcing a failure.
[  115.169868][ T6433] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  115.188579][ T6433] CPU: 1 UID: 0 PID: 6433 Comm: syz.4.147 Not tainted syzkaller #0 PREEMPT(full) 
[  115.188609][ T6433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  115.188622][ T6433] Call Trace:
[  115.188630][ T6433]  <TASK>
[  115.188639][ T6433]  dump_stack_lvl+0x189/0x250
[  115.188669][ T6433]  ? __pfx____ratelimit+0x10/0x10
[  115.188698][ T6433]  ? __pfx_dump_stack_lvl+0x10/0x10
[  115.188721][ T6433]  ? __pfx__printk+0x10/0x10
[  115.188747][ T6433]  ? __might_fault+0xb0/0x130
[  115.188779][ T6433]  ? rcu_is_watching+0x15/0xb0
[  115.188802][ T6433]  should_fail_ex+0x414/0x560
[  115.188832][ T6433]  _copy_from_user+0x2d/0xb0
[  115.188855][ T6433]  ___sys_sendmsg+0x158/0x2a0
[  115.188877][ T6433]  ? __pfx____sys_sendmsg+0x10/0x10
[  115.188914][ T6433]  ? __fget_files+0x2a/0x420
[  115.188946][ T6433]  ? __fget_files+0x3a0/0x420
[  115.188981][ T6433]  __x64_sys_sendmsg+0x19b/0x260
[  115.189003][ T6433]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  115.189028][ T6433]  ? __pfx_ksys_write+0x10/0x10
[  115.189057][ T6433]  ? rcu_is_watching+0x15/0xb0
[  115.189079][ T6433]  do_syscall_64+0xfa/0x3b0
[  115.189109][ T6433]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.189129][ T6433]  ? clear_bhb_loop+0x60/0xb0
[  115.189151][ T6433]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.189171][ T6433] RIP: 0033:0x7f488e78ebe9
[  115.189198][ T6433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  115.189216][ T6433] RSP: 002b:00007f488f52b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  115.189239][ T6433] RAX: ffffffffffffffda RBX: 00007f488e9b5fa0 RCX: 00007f488e78ebe9
[  115.189254][ T6433] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  115.189266][ T6433] RBP: 00007f488f52b090 R08: 0000000000000000 R09: 0000000000000000
[  115.189279][ T6433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  115.189290][ T6433] R13: 00007f488e9b6038 R14: 00007f488e9b5fa0 R15: 00007f488eadfa28
[  115.189313][ T6433]  </TASK>
[  115.194481][ T5989] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  115.436267][ T5949] usb 4-1: string descriptor 0 read error: -71
[  115.446551][ T5949] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  115.457127][ T5949] usb 4-1: USB disconnect, device number 6
[  115.496833][ T5911] usbhid 2-1:0.0: can't add hid device: -71
[  115.503343][ T5911] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  115.529242][ T5911] usb 2-1: USB disconnect, device number 8
[  115.593993][ T6444] FAULT_INJECTION: forcing a failure.
[  115.593993][ T6444] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  115.609718][ T6444] CPU: 1 UID: 0 PID: 6444 Comm: syz.3.152 Not tainted syzkaller #0 PREEMPT(full) 
[  115.609749][ T6444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  115.609762][ T6444] Call Trace:
[  115.609771][ T6444]  <TASK>
[  115.609780][ T6444]  dump_stack_lvl+0x189/0x250
[  115.609812][ T6444]  ? __pfx____ratelimit+0x10/0x10
[  115.609843][ T6444]  ? __pfx_dump_stack_lvl+0x10/0x10
[  115.609869][ T6444]  ? __pfx__printk+0x10/0x10
[  115.609898][ T6444]  ? __might_fault+0xb0/0x130
[  115.609933][ T6444]  ? rcu_is_watching+0x15/0xb0
[  115.609956][ T6444]  should_fail_ex+0x414/0x560
[  115.609986][ T6444]  _copy_from_user+0x2d/0xb0
[  115.610012][ T6444]  ___sys_sendmsg+0x158/0x2a0
[  115.610036][ T6444]  ? __pfx____sys_sendmsg+0x10/0x10
[  115.610076][ T6444]  ? __fget_files+0x2a/0x420
[  115.610106][ T6444]  ? __fget_files+0x3a0/0x420
[  115.610142][ T6444]  __x64_sys_sendmsg+0x19b/0x260
[  115.610176][ T6444]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  115.610203][ T6444]  ? __pfx_ksys_write+0x10/0x10
[  115.610229][ T6444]  ? rcu_is_watching+0x15/0xb0
[  115.610251][ T6444]  ? rcu_is_watching+0x15/0xb0
[  115.610272][ T6444]  do_syscall_64+0xfa/0x3b0
[  115.610304][ T6444]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.610326][ T6444]  ? clear_bhb_loop+0x60/0xb0
[  115.610350][ T6444]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.610364][ T5989] usb 3-1: Using ep0 maxpacket: 8
[  115.610371][ T6444] RIP: 0033:0x7f608558ebe9
[  115.610391][ T6444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  115.610408][ T6444] RSP: 002b:00007f60837f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  115.610432][ T6444] RAX: ffffffffffffffda RBX: 00007f60857b5fa0 RCX: 00007f608558ebe9
[  115.610448][ T6444] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  115.610463][ T6444] RBP: 00007f60837f6090 R08: 0000000000000000 R09: 0000000000000000
[  115.610478][ T6444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  115.610494][ T6444] R13: 00007f60857b6038 R14: 00007f60857b5fa0 R15: 00007f60858dfa28
[  115.610535][ T6444]  </TASK>
[  115.687324][ T1218] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  115.693702][ T5989] usb 3-1: config 0 has an invalid descriptor of length 220, skipping remainder of the config
[  115.853942][ T5989] usb 3-1: too many endpoints for config 0 interface 0 altsetting 99: 177, using maximum allowed: 30
[  115.866231][ T5989] usb 3-1: config 0 interface 0 altsetting 99 has 0 endpoint descriptors, different from the interface descriptor's value: 177
[  115.879523][ T5989] usb 3-1: config 0 interface 0 has no altsetting 0
[  115.879566][ T1218] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  115.901441][ T5989] usb 3-1: New USB device found, idVendor=057e, idProduct=2017, bcdDevice= 0.00
[  115.906154][ T1218] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.912186][ T6450] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  115.938130][ T5989] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.998387][ T5989] usb 3-1: config 0 descriptor??
[  116.020880][ T1218] usb 5-1: Product: syz
[  116.044317][ T1218] usb 5-1: Manufacturer: syz
[  116.051117][ T1218] usb 5-1: SerialNumber: syz
[  116.068836][ T1218] usb 5-1: config 0 descriptor??
[  116.218519][ T5989] usb 3-1: string descriptor 0 read error: -71
[  116.260767][ T5989] usb 3-1: USB disconnect, device number 5
[  116.331948][ T1218] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  117.458690][ T6472] FAULT_INJECTION: forcing a failure.
[  117.458690][ T6472] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  117.564321][ T6472] CPU: 1 UID: 0 PID: 6472 Comm: syz.3.161 Not tainted syzkaller #0 PREEMPT(full) 
[  117.564353][ T6472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  117.564371][ T6472] Call Trace:
[  117.564379][ T6472]  <TASK>
[  117.564393][ T6472]  dump_stack_lvl+0x189/0x250
[  117.564432][ T6472]  ? __pfx____ratelimit+0x10/0x10
[  117.564462][ T6472]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.564487][ T6472]  ? __pfx__printk+0x10/0x10
[  117.564515][ T6472]  ? __might_fault+0xb0/0x130
[  117.564548][ T6472]  ? rcu_is_watching+0x15/0xb0
[  117.564571][ T6472]  should_fail_ex+0x414/0x560
[  117.564601][ T6472]  _copy_from_user+0x2d/0xb0
[  117.564625][ T6472]  ___sys_sendmsg+0x158/0x2a0
[  117.564649][ T6472]  ? __pfx____sys_sendmsg+0x10/0x10
[  117.564688][ T6472]  ? __fget_files+0x2a/0x420
[  117.564720][ T6472]  ? __fget_files+0x3a0/0x420
[  117.564756][ T6472]  __x64_sys_sendmsg+0x19b/0x260
[  117.564779][ T6472]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  117.564805][ T6472]  ? __pfx_ksys_write+0x10/0x10
[  117.564836][ T6472]  ? rcu_is_watching+0x15/0xb0
[  117.564857][ T6472]  do_syscall_64+0xfa/0x3b0
[  117.564888][ T6472]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.564909][ T6472]  ? clear_bhb_loop+0x60/0xb0
[  117.564931][ T6472]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.564952][ T6472] RIP: 0033:0x7f608558ebe9
[  117.564975][ T6472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  117.564993][ T6472] RSP: 002b:00007f60837f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  117.565021][ T6472] RAX: ffffffffffffffda RBX: 00007f60857b5fa0 RCX: 00007f608558ebe9
[  117.565037][ T6472] RDX: 0000000000000804 RSI: 0000200000000040 RDI: 0000000000000006
[  117.565050][ T6472] RBP: 00007f60837f6090 R08: 0000000000000000 R09: 0000000000000000
[  117.565064][ T6472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  117.565076][ T6472] R13: 00007f60857b6038 R14: 00007f60857b5fa0 R15: 00007f60858dfa28
[  117.565100][ T6472]  </TASK>
[  118.055953][ T6480] netlink: 'syz.0.162': attribute type 29 has an invalid length.
[  118.360447][ T5989] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  118.477696][ T6490] FAULT_INJECTION: forcing a failure.
[  118.477696][ T6490] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  118.544629][ T5989] usb 1-1: Using ep0 maxpacket: 16
[  118.559916][ T5989] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  118.577066][ T5989] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  118.577126][ T6490] CPU: 1 UID: 0 PID: 6490 Comm: syz.2.166 Not tainted syzkaller #0 PREEMPT(full) 
[  118.577150][ T6490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  118.577164][ T6490] Call Trace:
[  118.577174][ T6490]  <TASK>
[  118.577184][ T6490]  dump_stack_lvl+0x189/0x250
[  118.577225][ T6490]  ? __pfx____ratelimit+0x10/0x10
[  118.577269][ T6490]  ? __pfx_dump_stack_lvl+0x10/0x10
[  118.577298][ T6490]  ? __pfx__printk+0x10/0x10
[  118.577334][ T6490]  ? rcu_is_watching+0x15/0xb0
[  118.577357][ T6490]  should_fail_ex+0x414/0x560
[  118.577391][ T6490]  _copy_to_user+0x31/0xb0
[  118.577419][ T6490]  simple_read_from_buffer+0xe1/0x170
[  118.577456][ T6490]  proc_fail_nth_read+0x1b3/0x220
[  118.577484][ T6490]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  118.577511][ T6490]  ? rw_verify_area+0x2a6/0x4d0
[  118.577542][ T6490]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  118.577567][ T6490]  vfs_read+0x1fd/0xa30
[  118.577597][ T6490]  ? fdget_pos+0x247/0x320
[  118.577619][ T6490]  ? __pfx___mutex_lock+0x10/0x10
[  118.577653][ T6490]  ? __pfx_vfs_read+0x10/0x10
[  118.577686][ T6490]  ? __fget_files+0x3a0/0x420
[  118.577720][ T6490]  ? __fget_files+0x2a/0x420
[  118.577759][ T6490]  ksys_read+0x145/0x250
[  118.577789][ T6490]  ? __fget_files+0x3a0/0x420
[  118.577825][ T6490]  ? __pfx_ksys_read+0x10/0x10
[  118.577856][ T6490]  ? rcu_is_watching+0x15/0xb0
[  118.577881][ T6490]  do_syscall_64+0xfa/0x3b0
[  118.577917][ T6490]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.577939][ T6490]  ? clear_bhb_loop+0x60/0xb0
[  118.577966][ T6490]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.577990][ T6490] RIP: 0033:0x7fe2d0f8d5fc
[  118.578009][ T6490] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  118.578029][ T6490] RSP: 002b:00007fe2cf1f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  118.578056][ T6490] RAX: ffffffffffffffda RBX: 00007fe2d11b5fa0 RCX: 00007fe2d0f8d5fc
[  118.578073][ T6490] RDX: 000000000000000f RSI: 00007fe2cf1f60a0 RDI: 0000000000000003
[  118.578089][ T6490] RBP: 00007fe2cf1f6090 R08: 0000000000000000 R09: 0000000000000000
[  118.578102][ T6490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  118.578117][ T6490] R13: 00007fe2d11b6038 R14: 00007fe2d11b5fa0 R15: 00007fe2d12dfa28
[  118.578141][ T6490]  </TASK>
[  118.992519][ T5989] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  119.002698][ T5989] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.093788][ T5989] usb 1-1: Product: syz
[  119.098903][ T5989] usb 1-1: Manufacturer: syz
[  119.114206][ T5989] usb 1-1: SerialNumber: syz
[  119.119365][ T1218] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  119.195488][ T5989] usb 1-1: config 0 descriptor??
[  119.226627][ T5989] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  119.251017][ T5989] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class)
[  119.503862][ T6499] netlink: 24 bytes leftover after parsing attributes in process `syz.2.168'.
[  119.627630][ T6503] FAULT_INJECTION: forcing a failure.
[  119.627630][ T6503] name failslab, interval 1, probability 0, space 0, times 0
[  119.643281][ T6503] CPU: 1 UID: 0 PID: 6503 Comm: syz.3.169 Not tainted syzkaller #0 PREEMPT(full) 
[  119.643313][ T6503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  119.643326][ T6503] Call Trace:
[  119.643335][ T6503]  <TASK>
[  119.643351][ T6503]  dump_stack_lvl+0x189/0x250
[  119.643383][ T6503]  ? __pfx____ratelimit+0x10/0x10
[  119.643413][ T6503]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.643438][ T6503]  ? __pfx__printk+0x10/0x10
[  119.643469][ T6503]  ? fs_reclaim_acquire+0x7d/0x100
[  119.643504][ T6503]  ? __pfx___might_resched+0x10/0x10
[  119.643524][ T6503]  ? lock_acquire+0x5f/0x360
[  119.643556][ T6503]  should_fail_ex+0x414/0x560
[  119.643586][ T6503]  ? __pfx_sock_alloc_inode+0x10/0x10
[  119.643613][ T6503]  should_failslab+0xa8/0x100
[  119.643645][ T6503]  ? __pfx_sock_alloc_inode+0x10/0x10
[  119.643670][ T6503]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  119.643699][ T6503]  ? sock_alloc_inode+0x28/0xc0
[  119.643727][ T6503]  ? __pfx_sock_alloc_inode+0x10/0x10
[  119.643752][ T6503]  sock_alloc_inode+0x28/0xc0
[  119.643778][ T6503]  alloc_inode+0x6a/0x1b0
[  119.643809][ T6503]  __sock_create+0x12d/0x9f0
[  119.643849][ T6503]  __sys_socket+0xd7/0x1b0
[  119.643879][ T6503]  __x64_sys_socket+0x7a/0x90
[  119.643908][ T6503]  do_syscall_64+0xfa/0x3b0
[  119.643940][ T6503]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.643961][ T6503]  ? clear_bhb_loop+0x60/0xb0
[  119.643985][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.644006][ T6503] RIP: 0033:0x7f6085590b07
[  119.644025][ T6503] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.644043][ T6503] RSP: 002b:00007f60837f4f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  119.644066][ T6503] RAX: ffffffffffffffda RBX: 00007f60857b5fa0 RCX: 00007f6085590b07
[  119.644083][ T6503] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  119.644095][ T6503] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  119.644108][ T6503] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000006
[  119.644125][ T6503] R13: 00007f60857b6038 R14: 0000200000000100 R15: 0000200000000180
[  119.644145][ T6503]  </TASK>
[  119.882763][ T6503] socket: no more sockets
[  119.896864][ T6505] FAULT_INJECTION: forcing a failure.
[  119.896864][ T6505] name failslab, interval 1, probability 0, space 0, times 0
[  119.909688][ T6505] CPU: 1 UID: 0 PID: 6505 Comm: syz.1.170 Not tainted syzkaller #0 PREEMPT(full) 
[  119.909715][ T6505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  119.909728][ T6505] Call Trace:
[  119.909737][ T6505]  <TASK>
[  119.909745][ T6505]  dump_stack_lvl+0x189/0x250
[  119.909777][ T6505]  ? __pfx____ratelimit+0x10/0x10
[  119.909805][ T6505]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.909830][ T6505]  ? __pfx__printk+0x10/0x10
[  119.909863][ T6505]  ? __pfx___might_resched+0x10/0x10
[  119.909882][ T6505]  ? lock_acquire+0x5f/0x360
[  119.909916][ T6505]  should_fail_ex+0x414/0x560
[  119.909955][ T6505]  should_failslab+0xa8/0x100
[  119.909987][ T6505]  __kmalloc_noprof+0xcb/0x4f0
[  119.910015][ T6505]  ? kfree+0x4d/0x440
[  119.910039][ T6505]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  119.910064][ T6505]  tomoyo_realpath_from_path+0xe3/0x5d0
[  119.910087][ T6505]  ? tomoyo_domain+0xd9/0x130
[  119.910110][ T6505]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  119.910139][ T6505]  tomoyo_path_number_perm+0x1e8/0x5a0
[  119.910168][ T6505]  ? lock_release+0x4b/0x3e0
[  119.910199][ T6505]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  119.910230][ T6505]  ? rcu_is_watching+0x15/0xb0
[  119.910250][ T6505]  ? lock_release+0x4b/0x3e0
[  119.910279][ T6505]  ? vfs_write+0x956/0xb30
[  119.910308][ T6505]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  119.910349][ T6505]  ? lock_release+0x4b/0x3e0
[  119.910382][ T6505]  ? __fget_files+0x2a/0x420
[  119.910413][ T6505]  ? __fget_files+0x3a0/0x420
[  119.910444][ T6505]  ? __fget_files+0x2a/0x420
[  119.910477][ T6505]  security_file_ioctl+0xcb/0x2d0
[  119.910507][ T6505]  __se_sys_ioctl+0x47/0x170
[  119.910533][ T6505]  do_syscall_64+0xfa/0x3b0
[  119.910565][ T6505]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.910586][ T6505]  ? clear_bhb_loop+0x60/0xb0
[  119.910610][ T6505]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.910631][ T6505] RIP: 0033:0x7f230258ebe9
[  119.910650][ T6505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.910668][ T6505] RSP: 002b:00007f23033a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  119.910691][ T6505] RAX: ffffffffffffffda RBX: 00007f23027b5fa0 RCX: 00007f230258ebe9
[  119.910707][ T6505] RDX: 0000200000000080 RSI: 00000000000089f3 RDI: 0000000000000003
[  119.910720][ T6505] RBP: 00007f23033a9090 R08: 0000000000000000 R09: 0000000000000000
[  119.910734][ T6505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  119.910747][ T6505] R13: 00007f23027b6038 R14: 00007f23027b5fa0 R15: 00007f23028dfa28
[  119.910770][ T6505]  </TASK>
[  119.910779][ T6505] ERROR: Out of memory at tomoyo_realpath_from_path.
[  119.965664][ T5989] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  120.217418][ T5989] em28xx 1-1:0.0: Config register raw data: 0xfffffffb
[  120.369011][ T5949] usb 5-1: USB disconnect, device number 10
[  120.460061][ T6520] FAULT_INJECTION: forcing a failure.
[  120.460061][ T6520] name failslab, interval 1, probability 0, space 0, times 0
[  120.500124][ T6522] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  120.518256][ T6522] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  120.550045][ T6520] CPU: 0 UID: 0 PID: 6520 Comm: syz.4.175 Not tainted syzkaller #0 PREEMPT(full) 
[  120.550074][ T6520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  120.550088][ T6520] Call Trace:
[  120.550101][ T6520]  <TASK>
[  120.550110][ T6520]  dump_stack_lvl+0x189/0x250
[  120.550143][ T6520]  ? __pfx____ratelimit+0x10/0x10
[  120.550174][ T6520]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.550200][ T6520]  ? __pfx__printk+0x10/0x10
[  120.550233][ T6520]  ? __pfx___might_resched+0x10/0x10
[  120.550255][ T6520]  ? lock_acquire+0x5f/0x360
[  120.550288][ T6520]  should_fail_ex+0x414/0x560
[  120.550319][ T6520]  should_failslab+0xa8/0x100
[  120.550352][ T6520]  __kmalloc_noprof+0xcb/0x4f0
[  120.550382][ T6520]  ? snd_pcm_hw_refine+0x967/0x1640
[  120.550406][ T6520]  snd_pcm_hw_refine+0x967/0x1640
[  120.550436][ T6520]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[  120.550462][ T6520]  ? rcu_is_watching+0x15/0xb0
[  120.550484][ T6520]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[  120.550504][ T6520]  ? trace_contention_end+0x39/0x120
[  120.550544][ T6520]  snd_pcm_hw_param_first+0x3e9/0xaf0
[  120.550579][ T6520]  snd_pcm_hw_params+0x575/0x1d30
[  120.550612][ T6520]  ? __pfx_snd_pcm_hw_params+0x10/0x10
[  120.550641][ T6520]  ? snd_pcm_kernel_ioctl+0x230/0x3b0
[  120.550666][ T6520]  snd_pcm_oss_change_params_locked+0x21cb/0x3e40
[  120.550714][ T6520]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  120.550748][ T6520]  ? rcu_is_watching+0x15/0xb0
[  120.550770][ T6520]  ? rcu_is_watching+0x15/0xb0
[  120.550790][ T6520]  ? get_pid_task+0x20/0x1f0
[  120.550823][ T6520]  ? lock_release+0x4b/0x3e0
[  120.550856][ T6520]  ? get_pid_task+0x20/0x1f0
[  120.550883][ T6520]  snd_pcm_oss_read+0x26a/0x8d0
[  120.550916][ T6520]  ? __pfx_snd_pcm_oss_read+0x10/0x10
[  120.550944][ T6520]  vfs_read+0x1fd/0xa30
[  120.550976][ T6520]  ? __pfx_vfs_read+0x10/0x10
[  120.551002][ T6520]  ? lock_release+0x4b/0x3e0
[  120.551036][ T6520]  ? __fget_files+0x2a/0x420
[  120.551068][ T6520]  ? __fget_files+0x3a0/0x420
[  120.551100][ T6520]  ? __fget_files+0x2a/0x420
[  120.551154][ T6520]  ksys_read+0x145/0x250
[  120.551194][ T6520]  ? __pfx_ksys_read+0x10/0x10
[  120.551220][ T6520]  ? rcu_is_watching+0x15/0xb0
[  120.551243][ T6520]  ? rcu_is_watching+0x15/0xb0
[  120.551265][ T6520]  do_syscall_64+0xfa/0x3b0
[  120.551296][ T6520]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.551318][ T6520]  ? clear_bhb_loop+0x60/0xb0
[  120.551342][ T6520]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.551363][ T6520] RIP: 0033:0x7f488e78ebe9
[  120.551382][ T6520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.551400][ T6520] RSP: 002b:00007f488f52b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  120.551422][ T6520] RAX: ffffffffffffffda RBX: 00007f488e9b5fa0 RCX: 00007f488e78ebe9
[  120.551438][ T6520] RDX: 00000000000000e5 RSI: 0000200000001380 RDI: 0000000000000004
[  120.551452][ T6520] RBP: 00007f488f52b090 R08: 0000000000000000 R09: 0000000000000000
[  120.551465][ T6520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  120.551478][ T6520] R13: 00007f488e9b6038 R14: 00007f488e9b5fa0 R15: 00007f488eadfa28
[  120.551501][ T6520]  </TASK>
[  121.099508][ T6525] syzkaller0: entered promiscuous mode
[  121.111712][ T6525] syzkaller0: entered allmulticast mode
[  121.287572][ T5989] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[  121.376545][ T5989] em28xx 1-1:0.0: No AC97 audio processor
[  121.574291][ T5911] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  122.000443][ T6542] sctp: [Deprecated]: syz.2.178 (pid 6542) Use of struct sctp_assoc_value in delayed_ack socket option.
[  122.000443][ T6542] Use struct sctp_sack_info instead
[  122.035543][ T5911] usb 5-1: device descriptor read/64, error -71
[  122.058274][ T6542] netlink: 'syz.2.178': attribute type 75 has an invalid length.
[  122.456288][ T5911] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  122.624268][ T5911] usb 5-1: device descriptor read/64, error -71
[  122.704245][ T5920] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  122.734485][ T5911] usb usb5-port1: attempt power cycle
[  122.864189][ T5920] usb 2-1: Using ep0 maxpacket: 32
[  122.871362][ T5920] usb 2-1: config 0 has an invalid interface number: 202 but max is 1
[  122.880226][ T5920] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  122.908083][ T5920] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  122.919766][ T5921] usb 1-1: USB disconnect, device number 6
[  122.935401][ T5921] em28xx 1-1:0.0: Disconnecting em28xx
[  122.960199][ T5921] em28xx 1-1:0.0: Freeing device
[  123.009245][ T5920] usb 2-1: config 0 has no interface number 0
[  123.101483][ T5920] usb 2-1: too many endpoints for config 0 interface 202 altsetting 87: 182, using maximum allowed: 30
[  123.143889][ T5920] usb 2-1: config 0 interface 202 altsetting 87 endpoint 0x2 has invalid maxpacket 255, setting to 64
[  123.263259][ T5911] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  123.322133][ T5920] usb 2-1: config 0 interface 202 altsetting 87 has 1 endpoint descriptor, different from the interface descriptor's value: 182
[  123.367306][ T5911] usb 5-1: device descriptor read/8, error -71
[  123.374408][ T5920] usb 2-1: config 0 interface 202 has no altsetting 0
[  123.396260][ T5920] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.2b
[  123.405923][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.423558][ T5920] usb 2-1: Product: syz
[  123.446873][ T5920] usb 2-1: Manufacturer: syz
[  123.460220][ T5920] usb 2-1: SerialNumber: syz
[  123.484998][ T5920] usb 2-1: config 0 descriptor??
[  123.530237][ T5920] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  123.604335][ T5911] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  123.655991][ T5911] usb 5-1: device descriptor read/8, error -71
[  123.704216][ T5921] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  123.774497][ T5911] usb usb5-port1: unable to enumerate USB device
[  123.864313][ T5920] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  123.876699][ T5921] usb 1-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad
[  123.889223][ T5921] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.901717][ T5921] usb 1-1: config 0 descriptor??
[  123.972625][ T6568] loop6: detected capacity change from 0 to 1
[  123.983168][ T6568] Dev loop6: unable to read RDB block 1
[  123.992464][ T6568]  loop6: unable to read partition table
[  123.999099][ T6568] loop6: partition table beyond EOD, truncated
[  124.007067][ T6568] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  124.025903][ T5920] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  124.037664][ T5920] usb 3-1: config 0 has no interfaces?
[  124.045596][ T5920] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  124.056976][ T5920] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.066155][ T5920] usb 3-1: Product: syz
[  124.070843][ T5920] usb 3-1: Manufacturer: syz
[  124.081492][ T5920] usb 3-1: SerialNumber: syz
[  124.105226][ T5920] usb 3-1: config 0 descriptor??
[  124.123887][ T5921] snd-usb-hiface 1-1:0.0: probe with driver snd-usb-hiface failed with error -22
[  124.331878][ T6561] netlink: 'syz.0.185': attribute type 10 has an invalid length.
[  124.365551][ T6561] team0: Port device dummy0 added
[  124.388862][ T5920] usb 1-1: USB disconnect, device number 7
[  124.574600][   T12] usb 2-1: Failed to submit usb control message: -110
[  124.582513][   T12] usb 2-1: unable to send the bmi data to the device: -110
[  124.592089][   T12] usb 2-1: unable to get target info from device
[  124.601365][   T12] usb 2-1: could not get target info (-110)
[  124.608418][   T12] usb 2-1: could not probe fw (-110)
[  124.644339][ T5921] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  124.806473][ T5921] usb 4-1: config 150 has an invalid interface number: 204 but max is 0
[  124.817045][ T5921] usb 4-1: config 150 has no interface number 0
[  124.824696][ T5921] usb 4-1: config 150 interface 204 has no altsetting 0
[  124.836468][ T5921] usb 4-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[  124.846305][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.854997][ T5921] usb 4-1: Product: syz
[  124.861054][ T5921] usb 4-1: Manufacturer: syz
[  124.866200][ T5921] usb 4-1: SerialNumber: syz
[  124.997941][ T1218] usb 2-1: USB disconnect, device number 9
[  125.088365][ T5921] usb 4-1: USB disconnect, device number 7
[  125.214330][ T5911] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  125.378094][   T30] audit: type=1326 audit(1755828896.102:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6565 comm="syz.2.186" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe2d0f8ebe9 code=0x0
[  125.410530][ T5911] usb 1-1: Using ep0 maxpacket: 32
[  125.426599][ T5911] usb 1-1: config 0 has an invalid interface number: 89 but max is 0
[  125.437432][ T5911] usb 1-1: config 0 has no interface number 0
[  125.455183][ T5911] usb 1-1: config 0 interface 89 has no altsetting 0
[  125.469298][ T5911] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  125.479803][ T5911] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.492143][ T5911] usb 1-1: Product: syz
[  125.497942][ T5911] usb 1-1: Manufacturer: syz
[  125.503720][ T5911] usb 1-1: SerialNumber: syz
[  125.523143][ T5911] usb 1-1: config 0 descriptor??
[  125.805951][ T5911] em28xx 1-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  125.817573][ T5911] em28xx 1-1:0.89: Video interface 89 found: bulk
[  125.908199][ T5947] usb 3-1: USB disconnect, device number 6
[  126.579742][ T5911] em28xx 1-1:0.89: unknown em28xx chip ID (0)
[  126.877400][ T5911] em28xx 1-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  126.887893][ T5911] em28xx 1-1:0.89: board has no eeprom
[  126.922364][ T6607] netlink: 20 bytes leftover after parsing attributes in process `syz.2.198'.
[  126.935596][ T6607] fuse: Bad value for 'rootmode'
[  126.972796][ T6616] FAULT_INJECTION: forcing a failure.
[  126.972796][ T6616] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  126.987247][ T6616] CPU: 1 UID: 0 PID: 6616 Comm: syz.1.201 Not tainted syzkaller #0 PREEMPT(full) 
[  126.987276][ T6616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  126.987289][ T6616] Call Trace:
[  126.987297][ T6616]  <TASK>
[  126.987304][ T6616]  dump_stack_lvl+0x189/0x250
[  126.987334][ T6616]  ? __pfx____ratelimit+0x10/0x10
[  126.987363][ T6616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  126.987398][ T6616]  ? __pfx__printk+0x10/0x10
[  126.987426][ T6616]  ? __might_fault+0xb0/0x130
[  126.987459][ T6616]  ? rcu_is_watching+0x15/0xb0
[  126.987481][ T6616]  should_fail_ex+0x414/0x560
[  126.987511][ T6616]  _copy_from_user+0x2d/0xb0
[  126.987536][ T6616]  ___sys_sendmsg+0x158/0x2a0
[  126.987558][ T6616]  ? __pfx____sys_sendmsg+0x10/0x10
[  126.987597][ T6616]  ? __fget_files+0x2a/0x420
[  126.987628][ T6616]  ? __fget_files+0x3a0/0x420
[  126.987664][ T6616]  __x64_sys_sendmsg+0x19b/0x260
[  126.987687][ T6616]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  126.987713][ T6616]  ? __pfx_ksys_write+0x10/0x10
[  126.987739][ T6616]  ? rcu_is_watching+0x15/0xb0
[  126.987820][ T6616]  ? rcu_is_watching+0x15/0xb0
[  126.987842][ T6616]  do_syscall_64+0xfa/0x3b0
[  126.987873][ T6616]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.987894][ T6616]  ? clear_bhb_loop+0x60/0xb0
[  126.987916][ T6616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.987935][ T6616] RIP: 0033:0x7f230258ebe9
[  126.987953][ T6616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  126.987971][ T6616] RSP: 002b:00007f23033a9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  126.987993][ T6616] RAX: ffffffffffffffda RBX: 00007f23027b5fa0 RCX: 00007f230258ebe9
[  126.988009][ T6616] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003
[  126.988021][ T6616] RBP: 00007f23033a9090 R08: 0000000000000000 R09: 0000000000000000
[  126.988033][ T6616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  126.988045][ T6616] R13: 00007f23027b6038 R14: 00007f23027b5fa0 R15: 00007f23028dfa28
[  126.988067][ T6616]  </TASK>
[  126.994777][ T5911] em28xx 1-1:0.89: Identified as Terratec Grabby (card=67)
[  127.158010][ T5921] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  127.388251][ T5921] usb 4-1: no configurations
[  127.393554][ T5921] usb 4-1: can't read configurations, error -22
[  127.547760][ T5921] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  127.757741][ T5921] usb 4-1: no configurations
[  127.761263][ T5911] em28xx 1-1:0.89: analog set to bulk mode.
[  127.769069][ T5921] usb 4-1: can't read configurations, error -22
[  127.782927][ T5947] em28xx 1-1:0.89: Registering V4L2 extension
[  127.792826][ T5921] usb usb4-port1: attempt power cycle
[  127.959649][ T5911] usb 1-1: USB disconnect, device number 8
[  128.097860][ T5911] em28xx 1-1:0.89: Disconnecting em28xx
[  128.369904][ T5947] em28xx 1-1:0.89: Config register raw data: 0xffffffed
[  128.385746][ T5947] em28xx 1-1:0.89: AC97 chip type couldn't be determined
[  128.527209][ T5947] em28xx 1-1:0.89: No AC97 audio processor
[  128.559685][ T5947] usb 1-1: Decoder not found
[  128.591692][ T5921] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  128.615641][ T5947] em28xx 1-1:0.89: failed to create media graph
[  128.651026][ T5921] usb 4-1: no configurations
[  128.655340][ T5947] em28xx 1-1:0.89: V4L2 device video103 deregistered
[  128.676647][ T6641] ==================================================================
[  128.684928][ T6641] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xc7/0x430
[  128.692407][ T6641] Read of size 8 at addr ffff8880775d4740 by task v4l_id/6641
[  128.699882][ T6641] 
[  128.702231][ T6641] CPU: 0 UID: 0 PID: 6641 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[  128.702253][ T6641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  128.702262][ T6641] Call Trace:
[  128.702269][ T6641]  <TASK>
[  128.702276][ T6641]  dump_stack_lvl+0x189/0x250
[  128.702298][ T6641]  ? rcu_is_watching+0x15/0xb0
[  128.702315][ T6641]  ? __pfx_dump_stack_lvl+0x10/0x10
[  128.702365][ T6641]  ? rcu_is_watching+0x15/0xb0
[  128.702380][ T6641]  ? lock_release+0x4b/0x3e0
[  128.702404][ T6641]  ? __virt_addr_valid+0x1c8/0x5c0
[  128.702424][ T6641]  ? __virt_addr_valid+0x4a5/0x5c0
[  128.702444][ T6641]  print_report+0xca/0x240
[  128.702459][ T6641]  ? v4l2_fh_open+0xc7/0x430
[  128.702481][ T6641]  kasan_report+0x118/0x150
[  128.702504][ T6641]  ? v4l2_fh_open+0xc7/0x430
[  128.702528][ T6641]  v4l2_fh_open+0xc7/0x430
[  128.702552][ T6641]  em28xx_v4l2_open+0x157/0x9a0
[  128.702576][ T6641]  v4l2_open+0x20c/0x360
[  128.702601][ T6641]  chrdev_open+0x4c9/0x5e0
[  128.702625][ T6641]  ? __pfx_chrdev_open+0x10/0x10
[  128.702648][ T6641]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  128.702675][ T6641]  ? __pfx_chrdev_open+0x10/0x10
[  128.702697][ T6641]  do_dentry_open+0x950/0x13f0
[  128.702717][ T6641]  vfs_open+0x3b/0x340
[  128.702730][ T6641]  ? path_openat+0x2ecd/0x3830
[  128.702749][ T6641]  path_openat+0x2ee5/0x3830
[  128.702766][ T6641]  ? arch_stack_walk+0xfc/0x150
[  128.702790][ T6641]  ? stack_depot_save_flags+0x40/0x860
[  128.702816][ T6641]  ? __pfx_path_openat+0x10/0x10
[  128.702833][ T6641]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.702854][ T6641]  do_filp_open+0x1fa/0x410
[  128.702873][ T6641]  ? __pfx_do_filp_open+0x10/0x10
[  128.702898][ T6641]  ? _raw_spin_unlock+0x28/0x50
[  128.702916][ T6641]  ? alloc_fd+0x64c/0x6c0
[  128.702941][ T6641]  do_sys_openat2+0x121/0x1c0
[  128.702958][ T6641]  ? __pfx_do_sys_openat2+0x10/0x10
[  128.702973][ T6641]  ? lock_release+0x4b/0x3e0
[  128.702997][ T6641]  ? do_user_addr_fault+0xc8a/0x1390
[  128.703022][ T6641]  __x64_sys_openat+0x138/0x170
[  128.703040][ T6641]  do_syscall_64+0xfa/0x3b0
[  128.703063][ T6641]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.703078][ T6641]  ? clear_bhb_loop+0x60/0xb0
[  128.703095][ T6641]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.703109][ T6641] RIP: 0033:0x7f49ed2a7407
[  128.703123][ T6641] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  128.703136][ T6641] RSP: 002b:00007ffda36a2080 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  128.703153][ T6641] RAX: ffffffffffffffda RBX: 00007f49eda86880 RCX: 00007f49ed2a7407
[  128.703164][ T6641] RDX: 0000000000000000 RSI: 00007ffda36a3f1c RDI: ffffffffffffff9c
[  128.703175][ T6641] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  128.703184][ T6641] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  128.703192][ T6641] R13: 00007ffda36a22d0 R14: 00007f49edbed000 R15: 0000563ecb0e14d8
[  128.703210][ T6641]  </TASK>
[  128.703215][ T6641] 
[  129.005573][ T6641] Allocated by task 5947:
[  129.010177][ T6641]  kasan_save_track+0x3e/0x80
[  129.015051][ T6641]  __kasan_kmalloc+0x93/0xb0
[  129.019923][ T6641]  __kmalloc_cache_noprof+0x230/0x3d0
[  129.025578][ T6641]  em28xx_v4l2_init+0x10b/0x2e70
[  129.030888][ T6641]  em28xx_init_extension+0x11d/0x1c0
[  129.037074][ T6641]  process_scheduled_works+0xae1/0x17b0
[  129.042639][ T6641]  worker_thread+0x8a0/0xda0
[  129.047390][ T6641]  kthread+0x70e/0x8a0
[  129.051563][ T6641]  ret_from_fork+0x3f9/0x770
[  129.056166][ T6641]  ret_from_fork_asm+0x1a/0x30
[  129.061035][ T6641] 
[  129.063362][ T6641] Freed by task 5947:
[  129.067579][ T6641]  kasan_save_track+0x3e/0x80
[  129.072315][ T6641]  kasan_save_free_info+0x46/0x50
[  129.077383][ T6641]  __kasan_slab_free+0x5b/0x80
[  129.082163][ T6641]  kfree+0x18e/0x440
[  129.086295][ T6641]  em28xx_v4l2_init+0x1683/0x2e70
[  129.091386][ T6641]  em28xx_init_extension+0x11d/0x1c0
[  129.096699][ T6641]  process_scheduled_works+0xae1/0x17b0
[  129.102259][ T6641]  worker_thread+0x8a0/0xda0
[  129.106863][ T6641]  kthread+0x70e/0x8a0
[  129.111024][ T6641]  ret_from_fork+0x3f9/0x770
[  129.115645][ T6641]  ret_from_fork_asm+0x1a/0x30
[  129.120484][ T6641] 
[  129.122834][ T6641] The buggy address belongs to the object at ffff8880775d4000
[  129.122834][ T6641]  which belongs to the cache kmalloc-8k of size 8192
[  129.136986][ T6641] The buggy address is located 1856 bytes inside of
[  129.136986][ T6641]  freed 8192-byte region [ffff8880775d4000, ffff8880775d6000)
[  129.151059][ T6641] 
[  129.153404][ T6641] The buggy address belongs to the physical page:
[  129.160145][ T6641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x775d0
[  129.168926][ T6641] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  129.177612][ T6641] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  129.185203][ T6641] page_type: f5(slab)
[  129.189286][ T6641] raw: 00fff00000000040 ffff88801a442280 ffffea0001e9ce00 0000000000000002
[  129.197977][ T6641] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  129.207365][ T6641] head: 00fff00000000040 ffff88801a442280 ffffea0001e9ce00 0000000000000002
[  129.216263][ T6641] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  129.225028][ T6641] head: 00fff00000000003 ffffea0001dd7401 00000000ffffffff 00000000ffffffff
[  129.234060][ T6641] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  129.242775][ T6641] page dumped because: kasan: bad access detected
[  129.251851][ T6641] page_owner tracks the page as allocated
[  129.258720][ T6641] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6435, tgid 6434 (syz.4.148), ts 115273564925, free_ts 114898728540
[  129.280525][ T6641]  post_alloc_hook+0x240/0x2a0
[  129.285503][ T6641]  get_page_from_freelist+0x21e4/0x22c0
[  129.291085][ T6641]  __alloc_frozen_pages_noprof+0x181/0x370
[  129.297014][ T6641]  alloc_pages_mpol+0x232/0x4a0
[  129.301886][ T6641]  allocate_slab+0x8a/0x370
[  129.306418][ T6641]  ___slab_alloc+0xbeb/0x1410
[  129.311112][ T6641]  __kmalloc_node_track_caller_noprof+0x2f8/0x4e0
[  129.317807][ T6641]  kmalloc_reserve+0x136/0x290
[  129.322627][ T6641]  __alloc_skb+0x142/0x2d0
[  129.327242][ T6641]  netlink_dump+0x167/0xe90
[  129.332386][ T6641]  netlink_recvmsg+0x676/0xa30
[  129.337640][ T6641]  sock_recvmsg_nosec+0x186/0x1c0
[  129.342694][ T6641]  ____sys_recvmsg+0x3aa/0x460
[  129.347554][ T6641]  ___sys_recvmsg+0x1b5/0x510
[  129.352246][ T6641]  do_recvmmsg+0x307/0x770
[  129.356715][ T6641]  __x64_sys_recvmmsg+0x1af/0x240
[  129.361756][ T6641] page last free pid 6418 tgid 6417 stack trace:
[  129.368091][ T6641]  __free_frozen_pages+0xbc4/0xd30
[  129.373223][ T6641]  __put_partials+0x156/0x1a0
[  129.377949][ T6641]  put_cpu_partial+0x17c/0x250
[  129.382943][ T6641]  __slab_free+0x2d5/0x3c0
[  129.387379][ T6641]  qlist_free_all+0x97/0x140
[  129.392003][ T6641]  kasan_quarantine_reduce+0x148/0x160
[  129.397541][ T6641]  __kasan_slab_alloc+0x22/0x80
[  129.402416][ T6641]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  129.407998][ T6641]  ptlock_alloc+0x20/0x70
[  129.412465][ T6641]  pte_alloc_one+0x7d/0x170
[  129.417008][ T6641]  __handle_mm_fault+0x2795/0x5440
[  129.422158][ T6641]  handle_mm_fault+0x40a/0x8e0
[  129.427041][ T6641]  __get_user_pages+0x1699/0x2ce0
[  129.432302][ T6641]  populate_vma_page_range+0x29f/0x3a0
[  129.437803][ T6641]  __mm_populate+0x24c/0x380
[  129.442415][ T6641]  vm_mmap_pgoff+0x387/0x4d0
[  129.447147][ T6641] 
[  129.449491][ T6641] Memory state around the buggy address:
[  129.455126][ T6641]  ffff8880775d4600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  129.463202][ T6641]  ffff8880775d4680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  129.471282][ T6641] >ffff8880775d4700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  129.479363][ T6641]                                            ^
[  129.485520][ T6641]  ffff8880775d4780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  129.493600][ T6641]  ffff8880775d4800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  129.501769][ T6641] ==================================================================
[  129.515922][ T5947] em28xx 1-1:0.89: Registering snapshot button...
[  129.533487][ T5921] usb 4-1: can't read configurations, error -22
[  129.565054][ T5947] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.89/input/input8
[  129.581361][ T6641] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  129.589233][ T6641] CPU: 1 UID: 0 PID: 6641 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[  129.598996][ T6641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  129.609400][ T6641] Call Trace:
[  129.612706][ T6641]  <TASK>
[  129.615659][ T6641]  dump_stack_lvl+0x99/0x250
[  129.620273][ T6641]  ? __asan_memcpy+0x40/0x70
[  129.624990][ T6641]  ? __pfx_dump_stack_lvl+0x10/0x10
[  129.630221][ T6641]  ? __pfx__printk+0x10/0x10
[  129.634934][ T6641]  vpanic+0x281/0x750
[  129.639306][ T6641]  ? preempt_schedule+0xae/0xc0
[  129.644184][ T6641]  ? __pfx_vpanic+0x10/0x10
[  129.648722][ T6641]  ? preempt_schedule_common+0x83/0xd0
[  129.654211][ T6641]  ? preempt_schedule+0xae/0xc0
[  129.659106][ T6641]  ? __pfx_preempt_schedule+0x10/0x10
[  129.664496][ T6641]  panic+0xb9/0xc0
[  129.668236][ T6641]  ? __pfx_panic+0x10/0x10
[  129.672762][ T6641]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  129.678680][ T6641]  ? v4l2_fh_open+0xc7/0x430
[  129.683287][ T6641]  check_panic_on_warn+0x89/0xb0
[  129.688245][ T6641]  ? v4l2_fh_open+0xc7/0x430
[  129.692861][ T6641]  end_report+0x78/0x160
[  129.697190][ T6641]  kasan_report+0x129/0x150
[  129.701821][ T6641]  ? v4l2_fh_open+0xc7/0x430
[  129.707056][ T6641]  v4l2_fh_open+0xc7/0x430
[  129.712446][ T6641]  em28xx_v4l2_open+0x157/0x9a0
[  129.717771][ T6641]  v4l2_open+0x20c/0x360
[  129.722045][ T6641]  chrdev_open+0x4c9/0x5e0
[  129.726652][ T6641]  ? __pfx_chrdev_open+0x10/0x10
[  129.733452][ T6641]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  129.741142][ T6641]  ? __pfx_chrdev_open+0x10/0x10
[  129.746123][ T6641]  do_dentry_open+0x950/0x13f0
[  129.751381][ T6641]  vfs_open+0x3b/0x340
[  129.757104][ T6641]  ? path_openat+0x2ecd/0x3830
[  129.763755][ T6641]  path_openat+0x2ee5/0x3830
[  129.768573][ T6641]  ? arch_stack_walk+0xfc/0x150
[  129.774575][ T6641]  ? stack_depot_save_flags+0x40/0x860
[  129.781574][ T6641]  ? __pfx_path_openat+0x10/0x10
[  129.786823][ T6641]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.793036][ T6641]  do_filp_open+0x1fa/0x410
[  129.797611][ T6641]  ? __pfx_do_filp_open+0x10/0x10
[  129.802881][ T6641]  ? _raw_spin_unlock+0x28/0x50
[  129.807753][ T6641]  ? alloc_fd+0x64c/0x6c0
[  129.812114][ T6641]  do_sys_openat2+0x121/0x1c0
[  129.816858][ T6641]  ? __pfx_do_sys_openat2+0x10/0x10
[  129.822082][ T6641]  ? lock_release+0x4b/0x3e0
[  129.826734][ T6641]  ? do_user_addr_fault+0xc8a/0x1390
[  129.832335][ T6641]  __x64_sys_openat+0x138/0x170
[  129.837237][ T6641]  do_syscall_64+0xfa/0x3b0
[  129.841772][ T6641]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.847948][ T6641]  ? clear_bhb_loop+0x60/0xb0
[  129.852730][ T6641]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.858632][ T6641] RIP: 0033:0x7f49ed2a7407
[  129.863064][ T6641] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  129.883312][ T6641] RSP: 002b:00007ffda36a2080 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  129.891922][ T6641] RAX: ffffffffffffffda RBX: 00007f49eda86880 RCX: 00007f49ed2a7407
[  129.899916][ T6641] RDX: 0000000000000000 RSI: 00007ffda36a3f1c RDI: ffffffffffffff9c
[  129.908260][ T6641] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  129.916695][ T6641] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  129.924881][ T6641] R13: 00007ffda36a22d0 R14: 00007f49edbed000 R15: 0000563ecb0e14d8
[  129.933237][ T6641]  </TASK>
[  129.937006][ T6641] Kernel Offset: disabled
[  129.941347][ T6641] Rebooting in 86400 seconds..