last executing test programs:

10.066017632s ago: executing program 3 (id=3854):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5800000002060500000000000000000000000000050001000700000009000200737d7a30000000000c00078005001400a895000011000300686173683a69702c706f7274000000000500050002000000050004"], 0x58}}, 0x0) (async, rerun: 64)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 64)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) (async, rerun: 64)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a40000000030a010400000000000000000a0000050900030073797a30000080000900010073797a3100000000140004800800024038b140bb080001400000000338000000080a010200000000000000000a00000508000b40000000030900010073797a31"], 0xa0}, 0x1, 0x0, 0x0, 0x4000850}, 0x240008c0) (rerun: 64)

9.772796381s ago: executing program 3 (id=3856):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='freezer.self_freezing\x00', 0x275a, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000000)="8ee8c9b8ee088ed8660f3801b2d6352ed9ff660f3882040f01cf0fc72d2626652e0f01ca0fc7386635002000000f22e0", 0x30}], 0x1, 0x50, 0x0, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x101001)
io_uring_setup(0x69fb, &(0x7f0000000280)={0x0, 0xd836, 0x800, 0x3, 0x354, 0x0, r2})
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000300)=[<r4=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={r4, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, <r6=>0x0], &(0x7f0000000040), 0x2, r5})
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000380)={0x200, 0x1, &(0x7f0000000440)=[r5], &(0x7f0000000180)=[0x7], &(0x7f0000000280)=[r6, r6], &(0x7f0000000040)=[0x0]})
syz_usb_connect(0x3, 0x71, &(0x7f0000000280)=ANY=[@ANYBLOB="120100034ca0b5203360084113cc0102030109025f000107a1407509048002060103ec010905170220009100060725018008ff0009058703ff03d10107020109001000000000000007250136"], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
pipe(&(0x7f0000000240))
ioctl$SNDRV_CTL_IOCTL_POWER_STATE(r2, 0x800455d1, &(0x7f0000000100))
ioctl$KVM_RUN(r7, 0xae80, 0x0)

8.982647443s ago: executing program 2 (id=3858):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r4, &(0x7f0000000880)=[{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x50)
sendmmsg$inet_sctp(r4, &(0x7f00000032c0)=[{0x0, 0x0, &(0x7f0000000240)=[{0x0}, {0x0}], 0x2, &(0x7f0000000000)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c0004000000000000000000"], 0x30}], 0x1, 0x0)
r5 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x20002, 0x0)
ioctl$FBIOPUTCMAP(r5, 0x4605, &(0x7f0000000200)={0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4140aecd, &(0x7f0000000100)=ANY=[])
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_sctp_SCTP_NODELAY(r4, 0x84, 0x3, &(0x7f00000000c0)=0x4, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140), 0x1, &(0x7f0000000680)=ANY=[@ANYRESOCT=r7, @ANYRESOCT=r0, @ANYRESDEC=0x0, @ANYBLOB=',group_i', @ANYRESDEC=0x0])
rmdir(&(0x7f0000000040)='./file0/../file0/file0\x00')
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r9=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r8, 0x3ba0, &(0x7f00000003c0)={0x48, 0x1, r9, 0x0, 0x9, 0x7fff})
ioctl$IOMMU_VFIO_IOAS$SET(r8, 0x3b88, &(0x7f00000000c0)={0xc, r9})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r8, 0x3ba0, &(0x7f0000000340)={0x48, 0x2, r9})
ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r8, 0x3b70, &(0x7f0000000240)={0x30})
socket$nl_route(0x10, 0x3, 0x0)

7.10888097s ago: executing program 1 (id=3860):
sched_setscheduler(0x0, 0x2, 0x0)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x3d, 0xfff6, 0x65, 0x5, 0x1, 0x89, 0x3, @private=0xa010102, @local}}}}}}, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000000080)={0x1, 0x1, 0x4, 0x2, @vifc_lcl_addr=@loopback, @remote}, 0x10)
setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f00000000c0)={@multicast1=0x1c, @empty=0xe0000300, 0x0, "8a79348df081496d0420922f45a71c1daa8b610468cd140526c41efcd3a4a422", 0x3, 0x1, 0x85}, 0x3c)

6.945924882s ago: executing program 3 (id=3861):
r0 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0xc95e})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
r1 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00')
writev(r1, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
mlock2(&(0x7f00004e4000/0x1000)=nil, 0x1000, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r5, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4)
ioctl$sock_qrtr_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000140))
sendto$packet(r5, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0xe955, 0x0, &(0x7f0000000540)={0xc9, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
syz_open_dev$vcsn(&(0x7f0000000240), 0xfefffffffffff3ca, 0x2c000)
fanotify_init(0x200, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000700)={0x0, &(0x7f0000000280)=[@wr_drn={0x6e, 0x20, {0x0, 0x4}}, @cpuid={0x14, 0x18, {0x1, 0x9}}, @in_dx={0x82, 0x20, {0x1904, 0x7}}, @cpuid={0x14, 0x18, {0x5b, 0x8}}, @rdmsr={0x32, 0x18, {0xbf2}}, @out_dx={0xaa, 0x28, {0x3cd9, 0x2, 0xb8}}, @code={0xa, 0x5b, {"c44101dda186ed78be65640f01c3c481f950f866b893000f00d866ba410066b83d0066ef660f38821bb97b0800000f32b9c20a0000b809000000ba000000000f30673e0f790e0f72d600"}}, @cpuid={0x14, 0x18, {0x8, 0x5}}, @code={0xa, 0x47, {"c461f950cd0fb036c40385487c7dfc10430f090fc7a807000000400fc1a39c0000008eba1f000000c403550bc3080f22dd660f388027"}}, @in_dx={0x82, 0x20, {0x9166, 0xd}}, @code={0xa, 0x51, {"3e66460f388093008000000f788de3000000f30fa7d066b88a008ed0420f01cb360f38cbb7009000000f20d835080000000f22d8f3e0a80fc73266430f388019"}}, @code={0xa, 0x47, {"660f5b3265672e260f796e000f072e400f08660f388016f243ab66bad004ec0f019a00000000b8010000000f01d9660fc7b5bab70000"}}, @wrmsr={0x1e, 0x20, {0xb21, 0x2}}, @cpuid={0x14, 0x18, {0x7, 0x9}}, @wr_crn={0x46, 0x20, {0x4, 0x1ff}}, @uexit={0x0, 0x18, 0x3}, @in_dx={0x82, 0x20, {0xba14}}, @wr_crn={0x46, 0x20}, @wr_crn={0x46, 0x20, {0x2, 0x9}}, @out_dx={0xaa, 0x28, {0x5f98, 0x4, 0x3}}, @wr_drn={0x6e, 0x20, {0x1, 0x9}}, @rdmsr={0x32, 0x18, {0x4f8906d53e2185a8}}, @wrmsr={0x1e, 0x20, {0x9e4, 0x101}}, @uexit={0x0, 0x18, 0x9}, @wrmsr={0x1e, 0x20, {0x9cd, 0x2}}, @code={0xa, 0x57, {"430f78c9420f017a08b9800000c00f3235010000000f300f20d835200000000f22d8d098040000000f35b907090000b800a00000ba000000000f30dbf4c4e1d015568f0f01ca"}}, @wr_drn={0x6e, 0x20, {0x4, 0xab8}}, @rdmsr={0x32, 0x18}], 0x439})

6.280694271s ago: executing program 1 (id=3862):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
socket$inet6(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)
socket(0x22, 0x3, 0x744)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8fb, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa0f, 0xffffffff}, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(0xffffffffffffffff, 0x5760, 0x14)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r1, 0xf7)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r3, 0x6)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r4, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff000000010000000458000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd0000000800030006010000418e01", 0x53}], 0x1)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581"], 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0xf)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000300)=ANY=[@ANYBLOB="30000000140009052cbd7000fddbdf25022000fd", @ANYRES32=r0, @ANYBLOB="5756017dc2df101008000100ff0101020000fdb400000000ae1a97"], 0x30}}, 0x0)

5.954500564s ago: executing program 2 (id=3863):
syz_usb_connect(0x5, 0x36, &(0x7f0000000400)={{0x12, 0x1, 0x0, 0xd, 0x15, 0x13, 0x10, 0x424, 0x12c, 0x5861, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x7, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x94, 0x6, 0x2, 0xc5, 0xc7, 0x77, 0x0, [], [{{0x9, 0x5, 0x1, 0x0, 0x40, 0x9, 0x0, 0x3}}, {{0x9, 0x5, 0x5, 0x0, 0x200, 0x4, 0x9, 0x5}}]}}]}}]}}, 0x0)
r0 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/binfmt_misc/syz2\x00', 0x2, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)={0xf, 0x7, 0x3, 0x1, 0xba})

4.99457331s ago: executing program 4 (id=3866):
unshare(0x22060400)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x284802, 0x0)
preadv2(r0, 0x0, 0x0, 0x0, 0x0, 0x9)

4.785801564s ago: executing program 4 (id=3867):
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r1, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @synproxy={{0xd}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x6c}}, 0x0)
sendmsg$inet(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000cc0)="2206", 0x2}], 0x1}, 0x4008041)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc) (fail_nth: 2)

4.691282338s ago: executing program 3 (id=3868):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000a00)=ANY=[@ANYBLOB="120100007856bb40da0b53813de20102030109021200010000000009040000000206"], 0x0)
syz_usb_control_io$printer(r2, 0x0, &(0x7f0000000440)={0x34, &(0x7f0000000140), 0x0, 0x0, 0x0, 0x0, 0x0})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2)
openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xfffffffb}, 0x0)
r3 = syz_open_dev$dri(0x0, 0x7, 0x200)
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000180)=[0x0, 0x0]})
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x0)
read$FUSE(r4, &(0x7f00000034c0)={0x2020}, 0x2020)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2}, 0x14)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
eventfd(0xfffffff9)

4.576714844s ago: executing program 4 (id=3869):
r0 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r1=>0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000940), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_PMKSA(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000400)={0x44, r3, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "0100000020000000c20001000300"}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000010)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r9=>0x0})
sendmsg$BATADV_CMD_GET_DAT_CACHE(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="0503000000000000f6ff0700000008000300", @ANYRES32=r9], 0x1c}}, 0x24044080)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x40, r8, 0xe07, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x4}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x7}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2f}}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x8004)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=r6, @ANYBLOB="00000000000000101c0037800b0001006950766cbb6e0010080002"], 0x3c}}, 0x0)
sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x28}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r4, 0x300, 0x70bd2a, 0x25dfdbfe, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x7f}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xac}]}, 0x2c}, 0x1, 0x0, 0x0, 0x41}, 0x48000)

4.417815191s ago: executing program 4 (id=3870):
r0 = syz_open_dev$video4linux(&(0x7f00000007c0), 0x5, 0x20040)
ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f00000000c0)={0x1, 0x0, {0x1, 0x0, 0x101c, 0x4, 0x0, 0x0, 0x5, 0x4}})
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x80002, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x1a, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x143101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f00000000c0)=0x3)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x20000)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x11)
ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000100)={{0x100}, 'syz1\x00'})
ioctl$UI_SET_LEDBIT(r3, 0x40045569, 0x4)
ioctl$UI_SET_LEDBIT(r3, 0x40045569, 0x3)
ioctl$UI_DEV_CREATE(r3, 0x5501)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
preadv(r4, &(0x7f0000000500)=[{&(0x7f0000000000)=""/31, 0x1f}, {&(0x7f00000002c0)=""/187, 0xbb}, {0x0}, {&(0x7f0000000380)=""/159, 0x9f}, {&(0x7f0000000240)}, {&(0x7f0000000440)=""/138, 0x8a}], 0x6, 0x3, 0x75)
ioctl$UI_DEV_DESTROY(r3, 0x5502)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000200), 0x48000, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x3)
write$cgroup_subtree(r2, &(0x7f0000000180)={[{0x2d, 'cpuacct'}, {0x2d, 'cpu'}]}, 0xe)
ioctl$TCFLSH(0xffffffffffffffff, 0x80047437, 0x10004000000006)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)

4.133865089s ago: executing program 0 (id=3871):
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x88}, 0x0)
socket$inet(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getrlimit(0x9, &(0x7f0000000180))
r1 = getpid()
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000003c0)={{0x5, 0x6, 0x0, 0x5, 'syz0\x00', 0xffff}, 0x3, 0x400, 0xfffffff9, r1, 0x4, 0xff, 'syz1\x00', &(0x7f0000000100)=['\':\\]\x00', 'bond0\x00', 'bond0\x00', 'taprio\x00'], 0x18})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r4, &(0x7f0000002080)={0xfc, {"a2e3ad09ed0d09f91b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f363563030890e0879b0af8c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)

3.917548403s ago: executing program 0 (id=3872):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5001e, 0x140}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_ID={0x8, 0x1, 0xfffffffe}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4090}, 0x2000000)
r1 = socket(0x26, 0x80000, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x180, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000100)={0x8, 0x0, 0xd7c4, 0xfffffff9}, 0x10)
write(r1, &(0x7f00000000c0)="240000001e005f0214fffffffffffff8070000001d00000000000000080009000d00ffa6", 0x24)

3.861839149s ago: executing program 2 (id=3873):
r0 = syz_open_dev$video4linux(&(0x7f0000000540), 0x10000fc3, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f0000000040)={0x0, 0x0, 0x101c, 0x221e, 0xffffffd6, 0xc251, 0x7ffffffe, 0x1})
unshare(0x20040000)
r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000a00)=@nat={'nat\x00', 0x1b, 0x5, 0x5d0, 0x318, 0xf0, 0xffffffff, 0x0, 0x318, 0x538, 0x520, 0xffffffff, 0x538, 0x538, 0x5, 0x0, {[{{@ip={@local, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xffffffff, 0xffffffff, 'geneve1\x00', 'gretap0\x00', {}, {0xff}, 0x32, 0x1}, 0x0, 0xb8, 0xf0, 0x0, {}, [@common=@unspec=@state={{0x28}, {0x1}}, @common=@socket0={{0x20}}]}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x4, @local, @multicast2, @icmp_id=0x66, @icmp_id=0x200}}}}, {{@ip={@private=0xa010100, @multicast1, 0xff000000, 0xffffffff, 'wg0\x00', 'bridge0\x00', {0xff}, {0xff}, 0x32, 0x2}, 0x0, 0x1f0, 0x228, 0x0, {}, [@common=@ttl={{0x28}, {0x3, 0x9}}, @common=@inet=@policy={{0x158}, {[{@ipv4=@rand_addr=0x64010102, [0xff000000, 0xffffff, 0xffffffff], @ipv6=@mcast2, [0xffffffff, 0xffffff00, 0xff000000, 0xffffffff], 0x4d4, 0x3504, 0x32, 0x0, 0x4, 0x18}, {@ipv6=@private0={0xfc, 0x0, '\x00', 0x1}, [0xffffffff, 0xff000000, 0xffffff00, 0xffffff00], @ipv6=@dev={0xfe, 0x80, '\x00', 0x1f}, [0xffffff00, 0x1fe0000ff, 0x0, 0xff], 0x4d3, 0x0, 0xa, 0x0, 0x0, 0x11}, {@ipv6=@empty, [0xff, 0xff000000, 0xffffff00, 0xff000000], @ipv4=@empty, [0xffffff00, 0xff, 0xffffff00, 0xff000000], 0x4d2, 0x3505, 0x16, 0x1, 0x5, 0x2}, {@ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, [0x0, 0xff, 0xffffff00, 0xff], @ipv4=@dev={0xac, 0x14, 0x14, 0x39}, [0xff000000, 0xff, 0xffffff00, 0xff], 0x4d5, 0x0, 0x28, 0x1, 0x7}], 0x8}}]}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x8, @broadcast, @rand_addr=0x64010100, @gre_key=0x9, @icmp_id=0x65}}}}, {{@uncond, 0x0, 0xf0, 0x128, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00', 0x0, 0x8, 0x2}}, @common=@ah={{0x30}, {[0x1, 0x1]}}]}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x8, @multicast1, @private=0xa010101, @port=0x4e24, @icmp_id=0x68}}}}, {{@uncond, 0x0, 0x98, 0xf8, 0x0, {}, [@common=@inet=@socket2={{0x28}, 0x2}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x4, [0x1, 0x2, 0x0, 0x0, 0x6, 0x1], 0x2, 0x3}, {0x4, [0x6, 0x6, 0x0, 0x1, 0x0, 0x1], 0x2, 0x5}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x630)
ioctl$VIDIOC_QUERYBUF_DMABUF(r1, 0xc0205648, &(0x7f0000000080)={0xf010000, 0x0, 0x4, 0x110821, 0x0, {0x77359400}, {0x5, 0x8, 0x0, 0x0, 0x0, 0xd, "3acfa8ee"}})
unshare(0x10000000)

3.735968628s ago: executing program 2 (id=3874):
syz_usb_connect$cdc_ncm(0x0, 0x74, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000020000402505a3a44000010203010902620002010020000904000001020d00000b24060001dc5a0694c66005240000000d240f0100000000000003000006241a0000000905810320000000000904010000020d00000904010102020d000009058202"], 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f0000000080)={'syztnl0\x00', 0x0, 0x2f, 0xc8, 0x7, 0x200, 0x28, @mcast2, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x1, 0x1, 0x4}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x4, 0x9, 0x5a, 0x6, 0x90, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @loopback, 0x10, 0x80, 0x0, 0x5}})
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000200)={'vxcan1\x00'})
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0xfffffffffffffe46, &(0x7f00000007c0)={&(0x7f00000001c0)=@mpls_getnetconf={0x14, 0x52, 0x20, 0x70bd29, 0x25dfdbfb}, 0x14}}, 0x20000050)
syz_usb_connect(0x0, 0x35, &(0x7f00000007c0)={{0x12, 0x1, 0x0, 0xcc, 0x9, 0x40, 0x40, 0x1519, 0x443, 0x1597, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x23, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x2f, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x8, 0xb, "10958155ebf9"}]}}]}}]}}]}}, 0x0)
syz_emit_ethernet(0x7a, &(0x7f00000008c0)={@local, @empty, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, '\x00', 0x44, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x22eb}, {0x0, 0x0, 0x0, 0x0, 0x100}, {}, {0x8, 0x88be, 0x86ddffff}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x0, 0x4}}}}}}}}}, 0x0)

3.649671552s ago: executing program 0 (id=3875):
socket$inet6(0xa, 0x2, 0x0)
r0 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0xff7ffffd}}, {{0xa, 0x4e08, 0x4a3, @local, 0x4f1}}}, 0x108)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000005c0)={0x3, {{0xa, 0x4e23, 0xc, @mcast1, 0xfffffff8}}, 0x0, 0x1, [{{0xa, 0x8001, 0x2, @loopback, 0x30000}}]}, 0x110)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="10007d8005", @ANYRES8=0x0, @ANYRES32], 0x2c}, 0x1, 0x0, 0x0, 0x20004080}, 0x0)

3.538081705s ago: executing program 0 (id=3876):
bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x4c)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d05c164a534308", 0x10)
r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000004c00)=[{{0x0, 0x0, &(0x7f0000000240)}, 0x2ca998c3}], 0x4000032, 0x40000021, 0x0)
recvmsg$can_raw(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000340)=""/197, 0xc5}], 0x1}, 0x1)

3.526164675s ago: executing program 0 (id=3877):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
io_setup(0x23, &(0x7f0000000280))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0xdc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000093d11fc1ce5000000000a0000040900010073797a3100000000080005400000002b0900020073797a310000000008000a40fffffffc140000001100010000000000000000000100000a"], 0x64}}, 0x24000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
read$FUSE(0xffffffffffffffff, &(0x7f0000002280)={0x2020, 0x0, 0x0, <r3=>0x0}, 0x2020)
quotactl$Q_GETNEXTQUOTA(0xffffffff80000900, &(0x7f0000000140)=@sg0, r3, &(0x7f0000000340))
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f00000000c0)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'wlc\x00', 0x1, 0x0, 0x4}, 0x2c)
socket$kcm(0xa, 0x2, 0x0)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010100, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44)
setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x10000, 0x0, 0x12d5c, 0x12d5c}}, 0x44)
sendmsg$sock(r4, &(0x7f0000000400)={&(0x7f0000000580)=@isdn={0x22, 0x4, 0x59, 0x6, 0xa}, 0x80, 0x0, 0x0, &(0x7f0000000000)}, 0x20000010)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0xffffffffffffff60, 0x24, 0x1, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x24000041}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0x801, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42004}, [@IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0x19}, @IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x3c}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001d40)=ANY=[@ANYBLOB="101300002d00090036bd70000100000004000000cb011180c708605d8a0c9549f671af21be3edd7313f3b3cefa172a8aae2f295cc72b60b26946113d"], 0x1310}, 0x1, 0x0, 0x0, 0x20000004}, 0x84)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})

2.672628945s ago: executing program 4 (id=3878):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
pipe(&(0x7f0000000840))
mincore(&(0x7f0000ffd000/0x3000)=nil, 0x3000, &(0x7f0000000540)=""/210)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={<r3=>0x0, 0x20, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e24, @remote}]}, &(0x7f0000000080)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000000c0)={r3, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0xce024d}, 0x9c)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x2a, &(0x7f0000000280)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000b50000008200000018110000", @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8a00fe00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000bf91000000000000b7020000010000008500000085"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002402000020fe29817a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000400704000000000000b7040000100000206a0700fe000000008500000005000000b70000000a00000095000000000000000000c2c62f6004ad13aa957e2af5e49a53c2868f0399d909a63796c113a80c19aab9d607000000b6c9483be3f0d3253730e714c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766af540439fce41f144631ac262dcae18c3d1a1fbe96dc86035b44174f7c0620254ab6d285e6b343185089a0f119e31975e551558050800000000000000125d67857f290870093f38153608561a2128a79cce912d1f05de330800a9f5422bee8ca49166f6a587f2f593775afcd071efc5a972f757521b7b38ec273c2ad3e406f8c124f7dc1c4553229a69df4b2780e6da4420d71489fe383e0b5ce08b750502f2b8add8d2dddde19ac050537e973782b4053150580035fb2c579e1b2100000033d1ee8cab6d236f05b1f7b9f78fd5abfe033eb79f7a0b498366f5edfe311258016fbf47d9c85bf5325bf61419372be377022433e20900a262b20bb8b36de7b0e6c5ebfc5baec1ebe58d4af587d33e2935ad68da6e0fea5c21301f5d002b51a5b60fc741cb2c5d4cd5e896774f9293a6435558795043404ac6eafc8310fbcacca7f971b260fd06d4590ded8429fcd1c9a8dbbdedb32675388df363c0bc536e00448208b72405ebf27ddb402e5a2d675aaad92e183cef1eadc1661140fb567b55c72907a1aca75277a5f0022b1e957ba737f10f1161c5ae6e2cc64072ff3b4e76084922242e63d4b7806e30f786cff147e4bc819060678319a0e5534f5a0db52526c30000000000000000000000a63705b1a60525620acca06d57c055059df7651768310c9085c5f86be6ab819506961ad51f18b35fdc3fd4d0a0dbbdcd494ef168931f27748787bee95d739fef7ee67dd21c34647de82707e41d7db6d981a4fcf0bbd3d38ebb7a2489e28c6b28c0f70092ffb016b7766399555f3e6b538c2c862d17e53eaeb2036f9f0ab6e95e71bda4b5bbf53344264ad93bac1207b31d6e9c78181c7fe204c0b7582d1c762857f2a2e0c60f4a4855591a4f70f94df9629e470701103c40c8f6d3a3068091d62b58999e0a046f9509cb8ddc2a9ad4e0f1f85e5f076218b4b931acdff0c34fc5bdbad17ec481f1c9b17727c14e053e315d0d8d03c24ddaba65c5ce5b1aa04d1f767e25662b155d49460ec720d54044ac2856c11407835f341e2614bcae270000000001000000df7f736aab5d713240b2f40ec7be8251eba969686b2670ddc1a84df6ab12ab3e0cf8747837062233935704ebbd943ef0c5fef29513c7c1d6d2611796dccb45bdfd9e6533ad3574be5b9ea70e0c3b41a32067c03f5f8ed147cd0655c90d656f66eaed18a3c284c4f19417b5d91431759356db5d45ea40c9866957105b6252b0c028c672049ce163126f143f5758faf2a43f4c4f45a69b4e9113f85ae531085c11c75edbdee5af454757cdaff396c15ab9b210c202ffaea96d1bac60c6d6c56a4babc659858789bd479334e13e1c7876f95429431e61400815788c1397b260600d78e7513c58d9ac9474d392cc06f789753e1e7ebf5f1b55e2a64b9150c6580bf48e7bff763034801cccf403108d127b959ffc425a563ea2b90fbe779fd7d2ebfe94"], &(0x7f0000000280)='GPL\x00'}, 0x48)
r4 = socket$kcm(0x11, 0x2, 0x300)
r5 = getpgrp(0xffffffffffffffff)
timer_create(0x5, &(0x7f0000000240)={0x0, 0x26, 0x4, @tid=r5}, &(0x7f0000000800))
fsetxattr$trusted_overlay_upper(r4, &(0x7f0000000200), &(0x7f0000000780)={0x0, 0xfb, 0x47, 0x7, 0xb, "cc3a6481d38a5b6216fc9fc7d6f60ec4", "0d2c720813ecbb1c34600ac2894e1f14eb9de0f3a96237d8909904042eff17a916a93b22608019f5f611fe7568c3dc0ee7c0"}, 0x47, 0x2)
r6 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r6, &(0x7f0000000380)={&(0x7f0000000080)={0x2, 0x4e1f, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xf}, @multicast2}}}], 0x20}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
socket$isdn(0x22, 0x3, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001300)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x10}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x7, 0x1, 0x9, 0x2, 0x4, 0x6}, {0x3, 0x2, 0xe, 0xb3b, 0x3, 0x6}, 0x9, 0x0, 0x2d}}, @TCA_TBF_PTAB={0x404, 0x3, [0xfb, 0x2, 0x101, 0x5, 0x2, 0xa28, 0x4, 0x9, 0xf, 0xffff6d77, 0xe4, 0x280, 0x107, 0x8001, 0x2, 0x0, 0x7, 0xff, 0x4, 0x401, 0x9, 0x5, 0x3, 0x1, 0xfffffff5, 0x5, 0xb8, 0x7, 0x5, 0x1, 0x157, 0x26553de0, 0x4, 0x7810, 0x80, 0x4, 0x1, 0x5, 0x1, 0x4, 0xf, 0x1000, 0x9, 0x6, 0xfff, 0x42, 0x44, 0x9, 0x6, 0x1, 0x7f, 0x9, 0x9, 0x6, 0x40, 0xffff, 0x0, 0x3, 0x9, 0x3, 0x7, 0xd61a, 0x1, 0x4, 0x8000, 0x5400000, 0x8000, 0x6, 0x400, 0x8000, 0x401, 0x4, 0xffffffff, 0x5, 0x8000, 0x1002, 0xb5, 0x6, 0x7, 0x0, 0x800, 0x1, 0x7fff, 0x401, 0x0, 0x2, 0x6e9, 0x8, 0x6, 0x5, 0xfffffffa, 0xffffff83, 0x7f, 0x9, 0x5feecc8, 0xb, 0x1a48dadd, 0xa3b, 0xfffffffa, 0x4, 0xffff, 0xc5, 0xbfa, 0x80000001, 0x8, 0x6, 0xacc, 0x7, 0x9, 0x1, 0x8001, 0x9, 0xcd4d, 0x5, 0x0, 0x7ff, 0x5, 0x5fd, 0x8, 0x8001, 0x9, 0xfffffff7, 0x76, 0x400, 0x4, 0x5, 0x9, 0x6, 0x17, 0x6, 0x2, 0x4, 0x400000, 0x10001, 0xd17, 0x1, 0x89, 0x4, 0x4, 0x8, 0x8, 0x10000, 0x9, 0x1, 0xce3, 0x4, 0x9, 0x96, 0x4, 0x6, 0x9, 0x8001, 0xc, 0x3, 0x2, 0x8969, 0x100, 0x100, 0x101, 0x7, 0x10000, 0x0, 0xc, 0x9, 0xfffffff1, 0x1, 0x1, 0x6, 0x7, 0x34a00, 0x45, 0x800800, 0x2, 0x2, 0x7, 0x3800, 0x8, 0x6, 0x4, 0xfffffffb, 0x4, 0xb, 0xc, 0x5, 0x2, 0x4, 0x2000000, 0x2, 0x2, 0x5, 0x5, 0xfffffff8, 0xda, 0x9, 0x8, 0x2, 0x1, 0x4, 0x8, 0x7, 0x36a3, 0x2, 0x5, 0xa1, 0x94, 0x4a9b, 0x9, 0x5, 0x0, 0x3, 0x3, 0x4, 0xe, 0xd, 0xfffffff2, 0x10001, 0x8, 0x0, 0x200, 0x7d, 0x2, 0x4, 0x1, 0x7fff, 0x3, 0x6, 0x3ff, 0x10000, 0x10, 0x0, 0x6, 0x8, 0x6, 0x8, 0x8, 0xf, 0x81, 0x4, 0x400, 0x3, 0xc, 0x8, 0x3, 0x6, 0x2c, 0x8, 0x25, 0x0, 0xb9, 0x3, 0x330c, 0xfffffffe, 0xc, 0x3a8b, 0x9, 0x1]}]}}]}, 0x45c}}, 0x24000010)
syz_emit_ethernet(0x3b6, &(0x7f00000003c0)={@multicast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d9a", 0x380, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, '\x00'/12}, {0x18, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x2, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4610001394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "000000000000000200000000000000000000000000008879e66485201a0015ca837400000000000000000000001c000000000000000000"}, {0x0, 0x14, "5e14f0e7e72d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fa632dbf04542188b196e213408c"}, {0x3, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0)

2.505559312s ago: executing program 1 (id=3879):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="1800000068000100030010007f00000000000000002a5dcb"], 0x18}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x6, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x2, 0x9, 0x4, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0x56, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0xe, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
move_pages(0x0, 0x1, &(0x7f0000000300)=[&(0x7f0000ffc000/0x4000)=nil], 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_SPLIT(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)=ANY=[@ANYRES16=r4, @ANYBLOB="0004"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x880)
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="300000001114010227bd700004400000080003000100"], 0x30}}, 0x8040)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="19000000040000000400000002000080"], 0x48)
ioctl$KVM_CAP_MEMORY_FAULT_INFO(r2, 0x4068aea3, &(0x7f0000000280))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = dup(r5)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

2.077820226s ago: executing program 2 (id=3880):
syz_io_uring_setup(0x876, &(0x7f0000000140)={0x0, 0x114df, 0x0, 0x0, 0x86}, &(0x7f0000000240)=<r0=>0x0, &(0x7f0000000200))
syz_open_dev$usbmon(&(0x7f0000000080), 0x7, 0x5c1440)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
bind$unix(r3, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000bc0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4051}}], 0x2, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_io_uring_setup(0x44b2, &(0x7f0000000380)={0x0, 0xaec7, 0x8, 0x1, 0x101}, 0x0, 0x0)
syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x2000, 0x40, 0x0, 0x8000021e, 0x0, r5}, &(0x7f00000001c0), 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x2000c830}, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x1ff, 0x1, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil})
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
socket(0x40000000015, 0x5, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r9, 0x4008ae93, &(0x7f0000000040)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_SET_LAPIC(r9, 0x4400ae8f, &(0x7f0000000440)={"db4c1421593cb4d3f8fe6094dc821bbbe06520701fc6de7b0349f34b0f8c556a9e9aff1355aab8d6da26d74608530f150f127f9e3f0a2f1fff0be9774c95d6c007c91903f78616596487bf50017c56b15385ab264cba5b168c62d971e67e6f3e73d60b5a8adbaaf2af8610c6a91c0a116f619adce4aa91d5a68faf8ee98693d32d8d8244381b5720ef596600e39491d216c22d0725904bab7d90fa8afb8fa04b707410aa300ef098609b4fa6dd77b1b7c321b1fc6356564ce3f90826be3a9a5be186ffc48eb13824e9dae77ed212a0f802074ff4f1725c4ad88cf5bbd36e3406bc59d96e82047631d8be9462ee7e54e5b2897c3fff38eabf67e1e160c2b5e18be06457844d89c9a606b7d25fbde713f4759da0bee1fabe3f71dcca63540f113a2b5edc4b327d1f9610377b97265d4aa875b4bc3c44bf8110d5df1beb1fe54794a0aa52dfc80df1caf7d812b4f1cdba1a6836b45ea2180d08439d411ce8e0755868cc839eaeac73e5d28f9f1990584038cf5fa6bee0c4095a27cc8c7b59519bf2a9bf1fedf54cc2dc6aea6c42c32de40c291e5f422f5c7792a08926af160fb379576dd81bac746232fb246817fc3248097914b75e83cc5eb518ce8fb643b34ca69c3b61f0d94e7db62dd480198d41e0862f1ec4429ab637569884a5ba446a0b09edfd986a2b3e15ee35bbd18610dad6271681ed240b0ffab9199b541013c0aadc36484da57511896c14776a41602aa1426edfbb828897d9c218b7936a0572840ebbc796e888a439b24e640324b511deb6ed0b2ce2f7567447826944b4f34101e492e8d20a2deda950e96e78f86d6d4c976f0c99041c94944309e6ce08d84a7c96677d570d9a57ec0506a4321d9e049b55be883ca3648c27772fc5dbaea5e6c2ded2ce72fb68989ae381fe1394cf6966ab04285d5ff8256bc2e85462b8d89aeeebd5432157c945b5dc1960d9282c6cc007fe029325d6078aef94d4954f956c71bcdf846f41392ebe0d3b289438d24ec4bc073617459a6b232445dd636a9f21140e14b162fd5ef1d626b0ff84884fd63d22cc1b05befb77ea937f3045cc15b125479b262c1e32fca75a5468423288c5776efee744b1fccb5e6d661d9d287cfa8582c96ea34a33c1bbc29c0035657da66a87150bbb885be5ee123e431fd793ea179a0fc77aaee66d874c0616cb32324826b36d0e27d14217ad1131cace3bae4ef82dfbc790e78de53a9bfbdb468bf0eb3ff134073b380858965de2d108862daf3fc6b49ad46f20832238aeaa5d010cf08e37938f0bb7bbeaa970c39ce9327a16fe07565708266ce9ef639bfa08538693b456228aa1c370d64ef9795b7cc208a2c528d381a042d149ed5c7f34ed26a7d5a4401b86434f054389e5dac7a4ee896e406d7b27240d925d478e0eb2202797832d3e2c74f4925ad58377b0d6ae9b97034f94"})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
mmap(&(0x7f000028e000/0x3000)=nil, 0x3000, 0x3000009, 0x4010, 0xffffffffffffffff, 0xb88b000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)

1.472585136s ago: executing program 1 (id=3881):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8041, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x1, 0x0, 0x0, 0x9, "00629a7d82090100000000000000f7fffffb00"})
r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$TCGETS2(r2, 0x802c542a, &(0x7f0000000380))

1.374650698s ago: executing program 3 (id=3882):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x10, 0x80002, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r2, 0x4020565a, &(0x7f0000000180)={0x3, 0x98f904, 0x3})
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
keyctl$get_persistent(0x16, 0xee00, 0xffffffffffffffff)
syz_open_dev$sndpcmp(0x0, 0x1, 0x2)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r3, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.115514876s ago: executing program 4 (id=3883):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="12011f00abbe6740e9174e8b089c000000010902120001000000000904000000ff"], 0x0)
syz_usb_control_io(r1, &(0x7f0000000340)={0x2c, &(0x7f0000000040)={0x80, 0xc, 0x2, {0x2, 0x7e8e703122aff25f}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="50000000100037030000220000000000000000005c1ebd94c06ee94a1a486c5e6f3931acfe861ec18730d24e", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800900010069706970000000000c00028005000900890000001400030074756e6c3000"/56], 0x50}}, 0x40020)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r0, 0x8983, &(0x7f0000000200)={0x8, 'vxcan1\x00', {'veth0\x00'}, 0xd4a})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlinkprop={0x28, 0x6c, 0x923, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x80, 0x28403}, [@IFLA_NET_NS_FD={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x24008800)
r3 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000001c0), 0x8e43, 0x0)
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x29, 0x6f, 0xb6, 0x8, 0x9022, 0xd484, 0xff88, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x95, 0x0, 0x81, [{{0x9, 0x4, 0x1e, 0x80, 0x0, 0x56, 0xa7, 0xf6, 0x2}}]}}]}}, &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x16})
sendmsg$AUDIT_SET_FEATURE(r3, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x20, 0x3fa, 0x800, 0x70bd2d, 0x25dfdbfd, {0x1, 0x0, 0x1}, ["", "", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4004}, 0x24000080)
r4 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0), 0xa081, 0x0)
ioctl$I2C_RDWR(r4, 0x707, &(0x7f0000000080)={&(0x7f0000000100)=[{0xb09, 0x0, 0x42, &(0x7f0000000140)="0b6223074cb6951f2276f1d3520000fe836cdc9c3f3060d71df9b1428050476ab3932e9d4f624f1c3699411b4865742a986bf6ed6253b6d77689ffedb9f0dd2fb5b1"}], 0x1})
inotify_add_watch(r3, &(0x7f0000000400)='./file0\x00', 0x20000002)

825.830908ms ago: executing program 2 (id=3884):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, 0x0)
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

261.514252ms ago: executing program 3 (id=3885):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000140)={0x9, 0x100}, 0x0)
r1 = timerfd_create(0x0, 0x0)
timerfd_settime(r1, 0x3, &(0x7f0000000140), 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
write$char_usb(r2, &(0x7f0000001300)="92", 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/config', 0x0, 0x1ce)
lseek(r3, 0xffffffffffffffd9, 0x0)
landlock_restrict_self(r3, 0x4)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/fib_triestat\x00')
fcntl$dupfd(r0, 0x406, r0)

134.153402ms ago: executing program 1 (id=3886):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)={0x84, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x46, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac=@broadcast}, 0x0, @random=0x7, 0x1, @void, @val, @val={0x3, 0x1, 0x70}, @val={0x4, 0x6, {0xf0, 0x2, 0x7f, 0xa70a}}, @val={0x6, 0x2, 0x6}, @void, @val={0x25, 0x3, {0x1, 0x8c, 0x8}}, @void, @void, @void, @val={0x72, 0x6}, @void, @void}}, @NL80211_ATTR_FTM_RESPONDER={0x8, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x84}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)

57.12019ms ago: executing program 0 (id=3887):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d05c164a534308", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000004c00)=[{{0x0, 0x0, &(0x7f0000000240)}, 0x2ca998c3}], 0x4000032, 0x40000021, 0x0)
recvmsg$can_raw(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000340)=""/197, 0xc5}], 0x1}, 0x1)

0s ago: executing program 1 (id=3888):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'macsec0\x00', 0x400})
ioctl$TUNGETIFF(r1, 0x800454d2, &(0x7f00000000c0)={'veth0_to_team\x00'})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00'})
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000600)={@multicast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @address_reply={0x12, 0x0, 0x0, 0x100}}}}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x83, 0x7fff0000}]})
membarrier(0x10, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000ec0)={0x24, r3, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0xc, 0x2c, 0x0, 0x1, [{0x8}]}, @NL80211_ATTR_SCAN_SSIDS={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x24004084}, 0x40000)

kernel console output (not intermixed with test programs):

07f9a56f0fa28
[  798.294077][T16865]  </TASK>
[  799.130540][T16878] input: syz1 as /devices/virtual/input/input51
[  799.213051][T15096] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[  799.292456][T16879] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3512'.
[  799.459361][T15096] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  799.479089][T15096] usb 1-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  799.547470][T15096] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  799.741845][T16885] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3516'.
[  799.789272][T15096] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  799.889620][T15096] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  799.898129][T15096] usb 1-1: invalid MIDI out EP 0
[  799.931947][T15096] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22
[  799.947240][T16888] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3517'.
[  799.998454][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  800.070398][T16892] netlink: 'syz.4.3519': attribute type 1 has an invalid length.
[  800.118682][T16876] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  800.138837][T16894] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3519'.
[  800.145889][T16876] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  800.241100][T16892] 8021q: adding VLAN 0 to HW filter on device bond2
[  800.374662][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  800.374680][   T30] audit: type=1326 audit(1760051130.392:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16870 comm="syz.0.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1651d8eec9 code=0x7ffc0000
[  800.405539][T16876] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  800.414820][T16876] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  800.526617][T15096] usb 1-1: USB disconnect, device number 81
[  800.595401][   T30] audit: type=1326 audit(1760051130.422:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16870 comm="syz.0.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1651d8d710 code=0x7ffc0000
[  800.617786][    C0] vkms_vblank_simulate: vblank timer overrun
[  801.325844][   T30] audit: type=1326 audit(1760051130.422:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16870 comm="syz.0.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1651d8eacb code=0x7ffc0000
[  801.348142][    C0] vkms_vblank_simulate: vblank timer overrun
[  801.429810][   T30] audit: type=1326 audit(1760051130.422:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16870 comm="syz.0.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1651d8eacb code=0x7ffc0000
[  801.496730][   T30] audit: type=1326 audit(1760051130.442:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16870 comm="syz.0.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1651d8eec9 code=0x7ffc0000
[  801.545302][   T30] audit: type=1326 audit(1760051130.442:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16870 comm="syz.0.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f1651d8eec9 code=0x7ffc0000
[  801.567652][    C0] vkms_vblank_simulate: vblank timer overrun
[  801.688311][   T30] audit: type=1326 audit(1760051130.442:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16870 comm="syz.0.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1651d8eec9 code=0x7ffc0000
[  801.788854][T16920] netlink: 76 bytes leftover after parsing attributes in process `syz.1.3527'.
[  801.819702][   T30] audit: type=1326 audit(1760051130.442:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16870 comm="syz.0.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1651d8eec9 code=0x7ffc0000
[  801.966489][   T30] audit: type=1326 audit(1760051130.442:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16870 comm="syz.0.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1651d8eec9 code=0x7ffc0000
[  802.000749][    C0] vkms_vblank_simulate: vblank timer overrun
[  802.378920][T16907] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3524'.
[  802.645374][   T30] audit: type=1326 audit(1760051130.442:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16870 comm="syz.0.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f1651d8eec9 code=0x7ffc0000
[  802.667731][    C0] vkms_vblank_simulate: vblank timer overrun
[  803.251329][T16932] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3529'.
[  803.390367][T16935] bond3: invalid ARP target 0.0.0.0 specified for addition
[  803.402308][T16935] bond3: option arp_ip_target: invalid value (0)
[  803.414468][T16938] netlink: 'syz.0.3530': attribute type 13 has an invalid length.
[  803.426461][T16935] bond3 (unregistering): Released all slaves
[  803.572870][T16938] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  803.588669][T16944] FAULT_INJECTION: forcing a failure.
[  803.588669][T16944] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  803.588703][T16944] CPU: 0 UID: 0 PID: 16944 Comm: syz.3.3533 Not tainted syzkaller #0 PREEMPT(full) 
[  803.588726][T16944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  803.588738][T16944] Call Trace:
[  803.588746][T16944]  <TASK>
[  803.588754][T16944]  dump_stack_lvl+0x189/0x250
[  803.588779][T16944]  ? __pfx____ratelimit+0x10/0x10
[  803.588800][T16944]  ? __pfx_dump_stack_lvl+0x10/0x10
[  803.588818][T16944]  ? __pfx__printk+0x10/0x10
[  803.588837][T16944]  ? __might_fault+0xb0/0x130
[  803.588874][T16944]  should_fail_ex+0x414/0x560
[  803.588903][T16944]  _copy_from_user+0x2d/0xb0
[  803.588922][T16944]  ___sys_sendmsg+0x158/0x2a0
[  803.588947][T16944]  ? __pfx____sys_sendmsg+0x10/0x10
[  803.589003][T16944]  ? __fget_files+0x2a/0x420
[  803.589022][T16944]  ? __fget_files+0x3a0/0x420
[  803.589054][T16944]  __x64_sys_sendmsg+0x19b/0x260
[  803.589081][T16944]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  803.589114][T16944]  ? __pfx_ksys_write+0x10/0x10
[  803.589144][T16944]  ? do_syscall_64+0xbe/0xfa0
[  803.589170][T16944]  do_syscall_64+0xfa/0xfa0
[  803.589192][T16944]  ? lockdep_hardirqs_on+0x9c/0x150
[  803.589212][T16944]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  803.589232][T16944]  ? clear_bhb_loop+0x60/0xb0
[  803.589256][T16944]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  803.589274][T16944] RIP: 0033:0x7f4f53b8eec9
[  803.589290][T16944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  803.589308][T16944] RSP: 002b:00007f4f54afd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  803.589328][T16944] RAX: ffffffffffffffda RBX: 00007f4f53de5fa0 RCX: 00007f4f53b8eec9
[  803.589339][T16944] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  803.589348][T16944] RBP: 00007f4f54afd090 R08: 0000000000000000 R09: 0000000000000000
[  803.589357][T16944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  803.589366][T16944] R13: 00007f4f53de6038 R14: 00007f4f53de5fa0 R15: 00007f4f53f0fa28
[  803.589394][T16944]  </TASK>
[  804.121977][T16948] FAULT_INJECTION: forcing a failure.
[  804.121977][T16948] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  804.140062][T16948] CPU: 0 UID: 0 PID: 16948 Comm: syz.4.3535 Not tainted syzkaller #0 PREEMPT(full) 
[  804.140090][T16948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  804.140103][T16948] Call Trace:
[  804.140112][T16948]  <TASK>
[  804.140121][T16948]  dump_stack_lvl+0x189/0x250
[  804.140147][T16948]  ? __pfx____ratelimit+0x10/0x10
[  804.140170][T16948]  ? __pfx_dump_stack_lvl+0x10/0x10
[  804.140189][T16948]  ? __pfx__printk+0x10/0x10
[  804.140218][T16948]  ? __might_fault+0xb0/0x130
[  804.140255][T16948]  should_fail_ex+0x414/0x560
[  804.140282][T16948]  _copy_from_user+0x2d/0xb0
[  804.140302][T16948]  ___sys_sendmsg+0x158/0x2a0
[  804.140330][T16948]  ? __pfx____sys_sendmsg+0x10/0x10
[  804.140389][T16948]  ? __fget_files+0x2a/0x420
[  804.140406][T16948]  ? __fget_files+0x3a0/0x420
[  804.140432][T16948]  __x64_sys_sendmsg+0x19b/0x260
[  804.140457][T16948]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  804.140489][T16948]  ? __pfx_ksys_write+0x10/0x10
[  804.140520][T16948]  ? do_syscall_64+0xbe/0xfa0
[  804.140546][T16948]  do_syscall_64+0xfa/0xfa0
[  804.140569][T16948]  ? lockdep_hardirqs_on+0x9c/0x150
[  804.140591][T16948]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  804.140609][T16948]  ? clear_bhb_loop+0x60/0xb0
[  804.140633][T16948]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  804.140651][T16948] RIP: 0033:0x7f8ab9b8eec9
[  804.140668][T16948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  804.140684][T16948] RSP: 002b:00007f8abaa18038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  804.140705][T16948] RAX: ffffffffffffffda RBX: 00007f8ab9de5fa0 RCX: 00007f8ab9b8eec9
[  804.140719][T16948] RDX: 0000000000000010 RSI: 0000200000002ac0 RDI: 0000000000000006
[  804.140730][T16948] RBP: 00007f8abaa18090 R08: 0000000000000000 R09: 0000000000000000
[  804.140742][T16948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  804.140754][T16948] R13: 00007f8ab9de6038 R14: 00007f8ab9de5fa0 R15: 00007f8ab9f0fa28
[  804.140787][T16948]  </TASK>
[  804.349210][T15096] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[  804.513682][T15096] usb 4-1: Using ep0 maxpacket: 16
[  804.525019][T15096] usb 4-1: config 8 has an invalid interface number: 39 but max is 0
[  804.534290][T15096] usb 4-1: config 8 has no interface number 0
[  804.540770][T15096] usb 4-1: config 8 interface 39 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 521
[  804.653071][T15096] usb 4-1: config 8 interface 39 has no altsetting 0
[  804.670427][T15096] usb 4-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[  804.681050][T15096] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  804.690747][T15096] usb 4-1: Product: syz
[  804.700284][T15096] usb 4-1: Manufacturer: syz
[  804.706692][T15096] usb 4-1: SerialNumber: syz
[  804.711694][T16965] netlink: 'syz.4.3540': attribute type 1 has an invalid length.
[  804.720563][T16946] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  804.960320][T16968] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3540'.
[  805.007907][T16965] 8021q: adding VLAN 0 to HW filter on device bond3
[  805.033103][ T5941] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  805.075440][T15096] ipheth 4-1:8.39: Unable to find endpoints
[  805.119268][T15096] usb 4-1: USB disconnect, device number 70
[  805.292349][ T5941] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  805.304797][ T5941] usb 2-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  805.329021][ T5941] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  805.351145][ T5941] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  805.530516][ T5941] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  805.538121][ T5941] usb 2-1: invalid MIDI out EP 0
[  805.793347][T16967] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  805.805413][T16967] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  805.825397][ T5941] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22
[  806.037314][T16967] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  806.047791][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  806.047807][   T30] audit: type=1326 audit(1760051136.042:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16962 comm="syz.1.3541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cbe78eec9 code=0x7ffc0000
[  806.055759][T16967] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  806.260733][   T30] audit: type=1326 audit(1760051136.042:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16962 comm="syz.1.3541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3cbe78d710 code=0x7ffc0000
[  806.317601][   T30] audit: type=1326 audit(1760051136.052:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16962 comm="syz.1.3541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3cbe78eacb code=0x7ffc0000
[  806.391446][   T30] audit: type=1326 audit(1760051136.052:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16962 comm="syz.1.3541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3cbe78eacb code=0x7ffc0000
[  806.515631][  T876] usb 2-1: USB disconnect, device number 81
[  806.762161][   T30] audit: type=1326 audit(1760051136.492:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16962 comm="syz.1.3541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cbe78eec9 code=0x7ffc0000
[  806.831346][   T30] audit: type=1326 audit(1760051136.502:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16962 comm="syz.1.3541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f3cbe78eec9 code=0x7ffc0000
[  806.892649][   T30] audit: type=1326 audit(1760051136.502:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16962 comm="syz.1.3541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cbe78eec9 code=0x7ffc0000
[  806.962011][   T30] audit: type=1326 audit(1760051136.502:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16962 comm="syz.1.3541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3cbe78eec9 code=0x7ffc0000
[  807.047416][   T30] audit: type=1326 audit(1760051136.502:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16962 comm="syz.1.3541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cbe78eec9 code=0x7ffc0000
[  807.242909][   T30] audit: type=1326 audit(1760051136.502:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16962 comm="syz.1.3541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f3cbe78eec9 code=0x7ffc0000
[  807.411519][T16987] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3546'.
[  808.303051][ T5941] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[  808.517859][  T876] usb 1-1: new full-speed USB device number 82 using dummy_hcd
[  808.573107][ T5941] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  808.607880][ T5941] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  808.621170][ T5941] usb 3-1: Product: syz
[  808.660063][ T5941] usb 3-1: Manufacturer: syz
[  808.711261][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  808.718199][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  808.725459][  T876] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  808.728313][ T5941] usb 3-1: SerialNumber: syz
[  808.739410][  T876] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  808.766320][ T5941] r8152-cfgselector 3-1: Unknown version 0x0000
[  808.772707][ T5941] r8152-cfgselector 3-1: config 0 descriptor??
[  808.917652][  T876] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  808.937809][  T876] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  808.959952][  T876] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  809.058170][  T876] usb 1-1: config 0 interface 0 has no altsetting 0
[  809.299804][  T876] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  809.309280][  T876] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  809.317880][  T876] usb 1-1: Product: syz
[  809.322360][  T876] usb 1-1: Manufacturer: syz
[  809.328012][  T876] usb 1-1: SerialNumber: syz
[  809.344248][  T876] usb 1-1: config 0 descriptor??
[  809.354437][T17000] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  809.369563][  T876] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  809.392744][  T876] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  810.333332][ T5911] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[  810.493487][ T5911] usb 2-1: Using ep0 maxpacket: 32
[  810.514741][ T5911] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  810.562929][ T5911] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  810.572259][T17019] input: syz1 as /devices/virtual/input/input52
[  810.586242][ T5911] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  810.595383][ T5911] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  810.619559][ T5911] usb 2-1: config 0 descriptor??
[  810.644141][ T5911] hub 2-1:0.0: USB hub found
[  811.262266][ T5941] r8152-cfgselector 3-1: USB disconnect, device number 93
[  811.632697][T17023] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  811.653650][T17023] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  811.717260][T16785] usb 1-1: USB disconnect, device number 82
[  811.730208][T16785] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  812.244354][ T5911] hub 2-1:0.0: config failed, can't read hub descriptor (err -22)
[  812.292042][ T5911] usbhid 2-1:0.0: can't add hid device: -71
[  812.310690][ T5911] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  812.468174][ T5911] usb 2-1: USB disconnect, device number 82
[  812.648959][T17045] syzkaller0: create flow: hash 2146019751 index 1
[  812.986901][T17050] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3567'.
[  813.106260][T17050] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3567'.
[  813.118593][T17045] syzkaller0: delete flow: hash 2146019751 index 1
[  813.175330][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  813.175351][   T30] audit: type=1800 audit(1760051143.162:212): pid=17050 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3567" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  813.606848][T16785] usb 5-1: new high-speed USB device number 93 using dummy_hcd
[  813.787119][T16785] usb 5-1: Using ep0 maxpacket: 8
[  813.807858][T16785] usb 5-1: config 1 has an invalid descriptor of length 158, skipping remainder of the config
[  813.827814][T16785] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  813.845919][T16785] usb 5-1: config 1 has no interface number 1
[  813.861768][T16785] usb 5-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  813.906537][T16785] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  813.923107][T16785] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  813.931440][T16785] usb 5-1: Product: syz
[  813.950651][T16785] usb 5-1: Manufacturer: syz
[  813.968696][T16785] usb 5-1: SerialNumber: syz
[  814.561372][   T30] audit: type=1326 audit(1760051144.572:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17055 comm="syz.1.3569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cbe78eec9 code=0x7ffc0000
[  815.703389][T17070] input: syz1 as /devices/virtual/input/input53
[  815.868408][T16785] usb 5-1: cannot find UAC_HEADER
[  816.010570][T16785] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22
[  816.056804][T16785] usb 5-1: USB disconnect, device number 93
[  816.057650][T15193] udevd[15193]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  816.963075][ T5889] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[  817.187348][ T5889] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  817.199091][ T5889] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  817.210763][ T5889] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  817.237198][ T5889] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  817.328797][ T5889] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  817.337954][ T5889] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  817.346922][ T5889] usb 4-1: Product: syz
[  817.351184][ T5889] usb 4-1: Manufacturer: syz
[  817.382632][ T5889] cdc_wdm 4-1:1.0: skipping garbage
[  817.388068][T15096] usb 3-1: new high-speed USB device number 94 using dummy_hcd
[  817.395773][ T5889] cdc_wdm 4-1:1.0: skipping garbage
[  817.401834][ T5889] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22
[  817.545809][T15096] usb 3-1: Using ep0 maxpacket: 16
[  817.561581][T15096] usb 3-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=38.b7
[  817.570845][T15096] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  817.587230][T15096] usb 3-1: Product: syz
[  817.595190][T15096] usb 3-1: Manufacturer: syz
[  817.603121][T15096] usb 3-1: SerialNumber: syz
[  817.634024][T15096] usb 3-1: config 0 descriptor??
[  817.697239][T16785] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  817.712073][T15096] hub 3-1:0.0: bad descriptor, ignoring hub
[  817.718415][T15096] hub 3-1:0.0: probe with driver hub failed with error -5
[  817.922635][T16785] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  817.933731][T16785] usb 2-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  817.944653][T16785] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  817.980882][T16785] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  818.028275][T16785] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  818.055692][T16785] usb 2-1: invalid MIDI out EP 0
[  818.083687][T15096] usb 3-1: USB disconnect, device number 94
[  818.218820][T17085] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  818.248845][T17085] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  818.269690][T16785] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22
[  818.307566][T15096] usb 2-1: USB disconnect, device number 83
[  819.664224][ T5911] usb 4-1: USB disconnect, device number 71
[  820.013823][T16785] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[  820.133047][ T5911] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[  820.173064][T16785] usb 3-1: Using ep0 maxpacket: 16
[  820.181914][T16785] usb 3-1: config 8 has an invalid interface number: 39 but max is 0
[  820.214218][T16785] usb 3-1: config 8 has no interface number 0
[  820.242036][T16785] usb 3-1: config 8 interface 39 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 521
[  820.367055][T16785] usb 3-1: config 8 interface 39 has no altsetting 0
[  820.381965][ T5911] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  820.429094][ T5911] usb 2-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  820.448748][T16785] usb 3-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[  820.563169][ T5911] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  820.583136][T16785] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  820.603629][T16785] usb 3-1: Product: syz
[  820.635716][ T5911] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  820.705443][T16785] usb 3-1: Manufacturer: syz
[  820.732113][T16785] usb 3-1: SerialNumber: syz
[  820.807691][ T5911] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  820.816190][T17108] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  820.999438][ T5911] usb 2-1: invalid MIDI out EP 0
[  821.010562][T17114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  821.036027][T17114] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  821.252337][   T30] audit: type=1326 audit(1760051151.262:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cbe78eec9 code=0x7ffc0000
[  821.296688][T17114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  821.306892][ T9096] udevd[9096]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  821.314712][T17114] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  821.589626][ T5911] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22
[  821.645479][   T30] audit: type=1326 audit(1760051151.262:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cbe78eec9 code=0x7ffc0000
[  821.708845][ T5911] usb 2-1: USB disconnect, device number 84
[  821.785164][   T30] audit: type=1326 audit(1760051151.262:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3cbe78d710 code=0x7ffc0000
[  821.924982][   T30] audit: type=1326 audit(1760051151.262:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3cbe78eacb code=0x7ffc0000
[  822.008909][   T30] audit: type=1326 audit(1760051151.262:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3cbe78eacb code=0x7ffc0000
[  822.064726][   T30] audit: type=1326 audit(1760051151.612:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cbe78eec9 code=0x7ffc0000
[  822.130914][   T30] audit: type=1326 audit(1760051151.612:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cbe78eec9 code=0x7ffc0000
[  822.166668][   T30] audit: type=1326 audit(1760051151.612:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f3cbe78eec9 code=0x7ffc0000
[  822.191549][   T30] audit: type=1326 audit(1760051151.612:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cbe78eec9 code=0x7ffc0000
[  822.197096][T16785] ipheth 3-1:8.39: Unable to find endpoints
[  822.250406][   T30] audit: type=1326 audit(1760051151.612:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17109 comm="syz.1.3583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cbe78eec9 code=0x7ffc0000
[  822.388174][T16785] usb 3-1: USB disconnect, device number 95
[  822.915729][T17134] netlink: 'syz.4.3592': attribute type 5 has an invalid length.
[  822.927946][T17134] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3592'.
[  823.204023][T17145] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3596'.
[  823.406387][  T876] usb 3-1: new high-speed USB device number 96 using dummy_hcd
[  823.831445][  T876] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  823.844267][  T876] usb 3-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  823.863256][T17149] input: syz1 as /devices/virtual/input/input54
[  823.902497][  T876] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  823.940891][  T876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  823.961096][  T876] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  823.969225][  T876] usb 3-1: invalid MIDI out EP 0
[  824.120558][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  824.148785][  T876] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[  824.275515][T17139] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  824.309037][T17139] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  824.427633][T15096] usb 3-1: USB disconnect, device number 96
[  824.738257][T17162] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3600'.
[  826.963617][ T5911] usb 5-1: new high-speed USB device number 94 using dummy_hcd
[  827.233099][ T5911] usb 5-1: Using ep0 maxpacket: 16
[  827.297789][ T5911] usb 5-1: config 8 has an invalid interface number: 39 but max is 0
[  827.317453][ T5911] usb 5-1: config 8 has no interface number 0
[  827.323962][  T876] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[  827.503798][ T5911] usb 5-1: config 8 interface 39 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 521
[  827.513833][ T5911] usb 5-1: config 8 interface 39 has no altsetting 0
[  827.563236][T15096] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[  827.576961][ T5911] usb 5-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[  827.607293][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  827.631990][ T5911] usb 5-1: Product: syz
[  827.642279][ T5911] usb 5-1: Manufacturer: syz
[  827.659599][ T5911] usb 5-1: SerialNumber: syz
[  827.681973][T17175] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  827.692244][  T876] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  827.703360][  T876] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  827.715062][  T876] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  827.725571][  T876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  827.765761][T17179] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  827.778920][  T876] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  827.789429][T15096] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  827.849906][T15096] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  827.930902][T15096] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  828.051717][T15096] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  828.069103][T17186] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  828.080102][T15096] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  828.204654][T15096] usb 2-1: USB disconnect, device number 85
[  828.302611][ T5941] usb 4-1: USB disconnect, device number 72
[  828.505375][ T5911] ipheth 5-1:8.39: Unable to find endpoints
[  828.537084][   T30] kauditd_printk_skb: 9 callbacks suppressed
[  828.537097][   T30] audit: type=1326 audit(1760051158.552:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17185 comm="syz.3.3606" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4f53b8eec9 code=0x0
[  828.614571][ T6021] udevd[6021]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  828.654516][ T5911] usb 5-1: USB disconnect, device number 94
[  829.423392][T15096] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[  829.433204][ T5941] usb 5-1: new high-speed USB device number 95 using dummy_hcd
[  829.573115][T15096] usb 1-1: Using ep0 maxpacket: 8
[  829.586857][T15096] usb 1-1: config 2 has an invalid interface number: 241 but max is 0
[  829.596191][T15096] usb 1-1: config 2 has no interface number 0
[  829.603776][T15096] usb 1-1: config 2 interface 241 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  829.614081][ T5941] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  829.625302][ T5941] usb 5-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  829.636863][T15096] usb 1-1: config 2 interface 241 has no altsetting 0
[  829.649764][ T5941] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  829.659126][ T5941] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  829.669367][T15096] usb 1-1: New USB device found, idVendor=110a, idProduct=1130, bcdDevice=b3.a3
[  829.678539][T15096] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  829.687475][T15096] usb 1-1: Product: syz
[  829.695534][ T5941] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  829.704584][T15096] usb 1-1: Manufacturer: syz
[  829.711733][ T5941] usb 5-1: invalid MIDI out EP 0
[  829.720006][T15096] usb 1-1: SerialNumber: syz
[  829.773996][T15096] ti_usb_3410_5052 1-1:2.241: TI USB 3410 1 port adapter converter detected
[  829.782927][T15096] ti_usb_3410_5052 1-1:2.241: missing endpoints
[  829.868628][ T5970] udevd[5970]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  829.896150][T17202] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  829.910424][ T5941] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22
[  829.916048][T17202] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  829.969762][ T5911] usb 1-1: USB disconnect, device number 83
[  830.000987][T16785] usb 5-1: USB disconnect, device number 95
[  832.003138][T16785] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[  832.095946][T17259] FAULT_INJECTION: forcing a failure.
[  832.095946][T17259] name failslab, interval 1, probability 0, space 0, times 0
[  832.108882][T17259] CPU: 1 UID: 0 PID: 17259 Comm: syz.1.3632 Not tainted syzkaller #0 PREEMPT(full) 
[  832.108908][T17259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  832.108920][T17259] Call Trace:
[  832.108928][T17259]  <TASK>
[  832.108938][T17259]  dump_stack_lvl+0x189/0x250
[  832.108965][T17259]  ? __pfx____ratelimit+0x10/0x10
[  832.108989][T17259]  ? __pfx_dump_stack_lvl+0x10/0x10
[  832.109010][T17259]  ? __pfx__printk+0x10/0x10
[  832.109036][T17259]  ? __pfx___might_resched+0x10/0x10
[  832.109063][T17259]  should_fail_ex+0x414/0x560
[  832.109091][T17259]  should_failslab+0xa8/0x100
[  832.109112][T17259]  __kmalloc_noprof+0xcb/0x7f0
[  832.109137][T17259]  ? kfree+0x4d/0x6d0
[  832.109157][T17259]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  832.109192][T17259]  tomoyo_realpath_from_path+0xe3/0x5d0
[  832.109221][T17259]  ? tomoyo_domain+0xd9/0x130
[  832.109254][T17259]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  832.109276][T17259]  tomoyo_path_number_perm+0x1e8/0x5a0
[  832.109302][T17259]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  832.109324][T17259]  ? trace_sched_exit_tp+0x36/0x110
[  832.109351][T17259]  ? __schedule+0x17ae/0x4cc0
[  832.109408][T17259]  ? __fget_files+0x2a/0x420
[  832.109431][T17259]  ? __fget_files+0x3a0/0x420
[  832.109447][T17259]  ? __fget_files+0x2a/0x420
[  832.109469][T17259]  security_file_ioctl+0xcb/0x2d0
[  832.109492][T17259]  __se_sys_ioctl+0x47/0x170
[  832.109519][T17259]  do_syscall_64+0xfa/0xfa0
[  832.109544][T17259]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  832.109562][T17259]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  832.109581][T17259]  ? clear_bhb_loop+0x60/0xb0
[  832.109605][T17259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  832.109624][T17259] RIP: 0033:0x7f3cbe78eec9
[  832.109642][T17259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  832.109659][T17259] RSP: 002b:00007f3cbf54f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  832.109687][T17259] RAX: ffffffffffffffda RBX: 00007f3cbe9e6180 RCX: 00007f3cbe78eec9
[  832.109702][T17259] RDX: ffffffffffffffff RSI: 00000000c040128b RDI: 0000000000000008
[  832.109715][T17259] RBP: 00007f3cbf54f090 R08: 0000000000000000 R09: 0000000000000000
[  832.109728][T17259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  832.109740][T17259] R13: 00007f3cbe9e6218 R14: 00007f3cbe9e6180 R15: 00007f3cbeb0fa28
[  832.109774][T17259]  </TASK>
[  832.109797][T17259] ERROR: Out of memory at tomoyo_realpath_from_path.
[  832.371310][T17263] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3633'.
[  832.385514][T16785] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  832.420181][T16785] usb 1-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  832.448976][T16785] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  832.473230][T16785] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  832.533232][T16785] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  832.582769][T16785] usb 1-1: invalid MIDI out EP 0
[  832.704875][T17267] 8021q: adding VLAN 0 to HW filter on device bond2
[  832.717407][T17252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  832.768821][T17252] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  832.836985][T17270] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  832.899299][T16785] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22
[  832.940478][T16785] usb 1-1: USB disconnect, device number 84
[  832.974408][T17272] random: crng reseeded on system resumption
[  833.387419][T17279] 8021q: adding VLAN 0 to HW filter on device bond3
[  833.465002][T17282] bond2: (slave veth0_to_bond): Releasing backup interface
[  833.480317][T17282] bond3: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  833.916962][T17288] FAULT_INJECTION: forcing a failure.
[  833.916962][T17288] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  833.930419][T17288] CPU: 1 UID: 0 PID: 17288 Comm: syz.1.3640 Not tainted syzkaller #0 PREEMPT(full) 
[  833.930440][T17288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  833.930453][T17288] Call Trace:
[  833.930460][T17288]  <TASK>
[  833.930470][T17288]  dump_stack_lvl+0x189/0x250
[  833.930496][T17288]  ? __pfx____ratelimit+0x10/0x10
[  833.930515][T17288]  ? __pfx_dump_stack_lvl+0x10/0x10
[  833.930525][T17288]  ? __pfx__printk+0x10/0x10
[  833.930536][T17288]  ? __might_fault+0xb0/0x130
[  833.930557][T17288]  should_fail_ex+0x414/0x560
[  833.930572][T17288]  _copy_from_user+0x2d/0xb0
[  833.930583][T17288]  ___sys_sendmsg+0x158/0x2a0
[  833.930598][T17288]  ? __pfx____sys_sendmsg+0x10/0x10
[  833.930629][T17288]  ? __fget_files+0x2a/0x420
[  833.930638][T17288]  ? __fget_files+0x3a0/0x420
[  833.930652][T17288]  __x64_sys_sendmsg+0x19b/0x260
[  833.930666][T17288]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  833.930683][T17288]  ? __pfx_ksys_write+0x10/0x10
[  833.930699][T17288]  ? do_syscall_64+0xbe/0xfa0
[  833.930714][T17288]  do_syscall_64+0xfa/0xfa0
[  833.930726][T17288]  ? lockdep_hardirqs_on+0x9c/0x150
[  833.930738][T17288]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  833.930748][T17288]  ? clear_bhb_loop+0x60/0xb0
[  833.930768][T17288]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  833.930778][T17288] RIP: 0033:0x7f3cbe78eec9
[  833.930789][T17288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  833.930798][T17288] RSP: 002b:00007f3cbf591038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  833.930810][T17288] RAX: ffffffffffffffda RBX: 00007f3cbe9e5fa0 RCX: 00007f3cbe78eec9
[  833.930818][T17288] RDX: 0000000004000004 RSI: 0000200000000380 RDI: 0000000000000004
[  833.930825][T17288] RBP: 00007f3cbf591090 R08: 0000000000000000 R09: 0000000000000000
[  833.930832][T17288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  833.930838][T17288] R13: 00007f3cbe9e6038 R14: 00007f3cbe9e5fa0 R15: 00007f3cbeb0fa28
[  833.930855][T17288]  </TASK>
[  834.203845][ T5941] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[  834.422744][T17290] FAULT_INJECTION: forcing a failure.
[  834.422744][T17290] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  834.445757][T17290] CPU: 0 UID: 0 PID: 17290 Comm: syz.2.3642 Not tainted syzkaller #0 PREEMPT(full) 
[  834.445775][T17290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  834.445782][T17290] Call Trace:
[  834.445787][T17290]  <TASK>
[  834.445792][T17290]  dump_stack_lvl+0x189/0x250
[  834.445808][T17290]  ? __pfx____ratelimit+0x10/0x10
[  834.445821][T17290]  ? __pfx_dump_stack_lvl+0x10/0x10
[  834.445832][T17290]  ? __pfx__printk+0x10/0x10
[  834.445843][T17290]  ? __might_fault+0xb0/0x130
[  834.445863][T17290]  should_fail_ex+0x414/0x560
[  834.445879][T17290]  _copy_from_user+0x2d/0xb0
[  834.445890][T17290]  ___sys_sendmsg+0x158/0x2a0
[  834.445904][T17290]  ? __pfx____sys_sendmsg+0x10/0x10
[  834.445934][T17290]  ? __fget_files+0x2a/0x420
[  834.445944][T17290]  ? __fget_files+0x3a0/0x420
[  834.445958][T17290]  __x64_sys_sendmsg+0x19b/0x260
[  834.445972][T17290]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  834.445989][T17290]  ? __pfx_ksys_write+0x10/0x10
[  834.446005][T17290]  ? do_syscall_64+0xbe/0xfa0
[  834.446020][T17290]  do_syscall_64+0xfa/0xfa0
[  834.446031][T17290]  ? lockdep_hardirqs_on+0x9c/0x150
[  834.446044][T17290]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  834.446054][T17290]  ? clear_bhb_loop+0x60/0xb0
[  834.446067][T17290]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  834.446077][T17290] RIP: 0033:0x7f9a56b8eec9
[  834.446087][T17290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  834.446097][T17290] RSP: 002b:00007f9a57a4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  834.446109][T17290] RAX: ffffffffffffffda RBX: 00007f9a56de5fa0 RCX: 00007f9a56b8eec9
[  834.446117][T17290] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[  834.446123][T17290] RBP: 00007f9a57a4a090 R08: 0000000000000000 R09: 0000000000000000
[  834.446130][T17290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  834.446136][T17290] R13: 00007f9a56de6038 R14: 00007f9a56de5fa0 R15: 00007f9a56f0fa28
[  834.446152][T17290]  </TASK>
[  834.651977][    C0] vkms_vblank_simulate: vblank timer overrun
[  834.663007][ T5941] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  834.673341][ T5941] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  834.684447][ T5941] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  834.697505][ T5941] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  834.752525][ T5941] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  834.820701][ T5941] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  834.858952][ T5941] usb 4-1: invalid MIDI out EP 0
[  834.934607][T17299] Invalid logical block size (7)
[  834.941886][T17299] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3641'.
[  835.000726][T15193] udevd[15193]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  835.023129][ T5916] usb 3-1: new low-speed USB device number 97 using dummy_hcd
[  835.031938][ T5941] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22
[  835.200101][ T5916] usb 3-1: No LPM exit latency info found, disabling LPM.
[  835.211254][ T5916] usb 3-1: no configurations
[  835.234689][ T5941] usb 4-1: USB disconnect, device number 73
[  835.243404][ T5916] usb 3-1: can't read configurations, error -22
[  835.286566][T17309] loop2: detected capacity change from 0 to 7
[  835.310441][T17309] Dev loop2: unable to read RDB block 7
[  835.322846][T17309]  loop2: unable to read partition table
[  835.346504][T17309] loop2: partition table beyond EOD, truncated
[  835.394245][T17309] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  835.404376][ T5916] usb 3-1: new low-speed USB device number 98 using dummy_hcd
[  835.573180][T16785] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[  835.585136][ T5916] usb 3-1: No LPM exit latency info found, disabling LPM.
[  835.596858][T17314] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3650'.
[  835.703192][ T5916] usb 3-1: no configurations
[  835.737863][ T5916] usb 3-1: can't read configurations, error -22
[  835.768317][ T5916] usb usb3-port1: attempt power cycle
[  835.773657][T16785] usb 5-1: Using ep0 maxpacket: 16
[  835.794693][T16785] usb 5-1: New USB device found, idVendor=0458, idProduct=704a, bcdDevice=3a.55
[  835.863449][T16785] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  835.915609][T16785] usb 5-1: Product: syz
[  835.921479][T16785] usb 5-1: Manufacturer: syz
[  835.921882][T17317] netlink: 1312 bytes leftover after parsing attributes in process `syz.1.3651'.
[  835.936154][T16785] usb 5-1: SerialNumber: syz
[  835.995276][T16785] usb 5-1: config 0 descriptor??
[  836.006921][T16785] gspca_main: gspca_sn9c20x-2.14.0 probing 0458:704a
[  836.143088][ T5916] usb 3-1: new low-speed USB device number 99 using dummy_hcd
[  836.176321][ T5916] usb 3-1: No LPM exit latency info found, disabling LPM.
[  836.196488][ T5916] usb 3-1: no configurations
[  836.211385][ T5916] usb 3-1: can't read configurations, error -22
[  836.403150][ T5916] usb 3-1: new low-speed USB device number 100 using dummy_hcd
[  836.417432][T16785] gspca_sn9c20x: Write register 1001 failed -71
[  836.453126][T16785] gspca_sn9c20x: Device initialization failed
[  836.455219][ T5916] usb 3-1: No LPM exit latency info found, disabling LPM.
[  836.463761][ T5837] Bluetooth: hci3: command 0x0406 tx timeout
[  836.469717][ T5916] usb 3-1: no configurations
[  836.479603][ T5916] usb 3-1: can't read configurations, error -22
[  836.486564][T16785] gspca_sn9c20x 5-1:0.0: probe with driver gspca_sn9c20x failed with error -71
[  836.507874][T16785] usb 5-1: USB disconnect, device number 96
[  836.528749][ T5916] usb usb3-port1: unable to enumerate USB device
[  836.725518][T17324] vivid-000: disconnect
[  836.821552][T17329] No buffer was provided with the request
[  836.830164][T17329] trusted_key: encrypted_key: insufficient parameters specified
[  837.004881][ T5916] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[  837.117591][T17319] vivid-000: reconnect
[  837.173655][ T5916] usb 2-1: Using ep0 maxpacket: 8
[  837.185534][ T5916] usb 2-1: config 0 has an invalid interface number: 56 but max is 0
[  837.198060][T15096] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[  837.206763][ T5916] usb 2-1: config 0 has no interface number 0
[  837.223204][ T5916] usb 2-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  837.232265][ T5916] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  837.240307][ T5916] usb 2-1: Product: syz
[  837.244548][ T5916] usb 2-1: Manufacturer: syz
[  837.249187][ T5916] usb 2-1: SerialNumber: syz
[  837.256471][ T5916] usb 2-1: config 0 descriptor??
[  837.268030][ T5916] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  837.276000][ T5916] pctv452e: pctv452e_power_ctrl: 1
[  837.276000][ T5916] 
[  837.287139][ T5916] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  837.287139][ T5916] 
[  837.297548][ T5916] dvb-usb: bulk message failed: -22 (5/0)
[  837.306270][ T5916] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  837.318866][ T5916] dvbdev: DVB: registering new adapter (Technotrend TT Connect S2-3600)
[  837.327370][ T5916] usb 2-1: media controller created
[  837.332722][ T5916] dvb-usb: bulk message failed: -22 (8/0)
[  837.338571][ T5916] pctv452e: I2C error -22; AA 01  A0 01 14 -> aa 01 31 04 a0 01 14
[  837.351290][ T5916] dvb-usb: MAC address reading failed.
[  837.368907][T15096] usb 5-1: Using ep0 maxpacket: 32
[  837.380287][T15096] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  837.389422][T15096] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  837.400437][T15096] usb 5-1: config 0 descriptor??
[  837.417583][T15096] gspca_main: sunplus-2.14.0 probing 041e:400b
[  837.425872][ T5916] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  837.465321][T17328] dvb-usb: bulk message failed: -22 (7/0)
[  837.472725][T17328] pctv452e: I2C error -22; AA 02  00 00 00 -> aa 02 31 03 00 00 00
[  837.520626][ T5916] DVB: Unable to find symbol stb0899_attach()
[  837.528724][ T5916] dvb-usb: no frontend was attached by 'Technotrend TT Connect S2-3600'
[  837.753279][T16785] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[  838.065379][T16785] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  838.075398][T16785] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  838.086353][T16785] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  838.119800][T16785] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  838.330287][ T5916] rc_core: IR keymap rc-tt-1500 not found
[  838.346705][ T5916] Registered IR keymap rc-empty
[  838.352216][T15096] gspca_sunplus: reg_w_riv err -71
[  838.357765][T15096] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  838.366571][ T5916] rc rc0: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0
[  838.378134][T15096] usb 5-1: USB disconnect, device number 97
[  838.425145][ T5916] input: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input55
[  838.427877][T16785] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  838.478569][ T5916] dvb-usb: schedule remote query interval to 100 msecs.
[  838.486559][T16785] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  838.517622][T16785] usb 1-1: Product: syz
[  838.519066][ T5916] pctv452e: pctv452e_power_ctrl: 0
[  838.519066][ T5916] 
[  838.589888][T16785] usb 1-1: Manufacturer: syz
[  838.603367][ T5916] dvb-usb: Technotrend TT Connect S2-3600 successfully initialized and connected.
[  838.623091][ T5941] dvb-usb: bulk message failed: -22 (4/0)
[  838.760876][ T5941] dvb-usb: error -22 while querying for an remote control event.
[  838.774127][T16785] cdc_wdm 1-1:1.0: skipping garbage
[  838.804247][T16785] cdc_wdm 1-1:1.0: skipping garbage
[  838.904354][T16785] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22
[  838.933160][ T5941] dvb-usb: bulk message failed: -22 (4/0)
[  838.940376][ T5941] dvb-usb: error -22 while querying for an remote control event.
[  839.093711][ T5916] dvb-usb: bulk message failed: -22 (4/0)
[  839.116933][ T5916] dvb-usb: error -22 while querying for an remote control event.
[  839.507758][ T5916] dvb-usb: bulk message failed: -22 (4/0)
[  839.527486][ T5916] dvb-usb: error -22 while querying for an remote control event.
[  839.663606][ T5916] dvb-usb: bulk message failed: -22 (4/0)
[  839.676096][ T5916] dvb-usb: error -22 while querying for an remote control event.
[  839.887814][ T5916] dvb-usb: bulk message failed: -22 (4/0)
[  839.910440][ T5916] dvb-usb: error -22 while querying for an remote control event.
[  840.040109][ T5916] dvb-usb: bulk message failed: -22 (4/0)
[  840.051665][ T5916] dvb-usb: error -22 while querying for an remote control event.
[  840.186693][ T5916] usb 2-1: USB disconnect, device number 86
[  840.379125][ T5916] dvb-usb: Technotrend TT Connect S2-3600 successfully deinitialized and disconnected.
[  840.404005][T17359] loop2: detected capacity change from 0 to 7
[  840.413832][T17359]  loop2:
[  840.417362][T17359] loop2: partition table partially beyond EOD, truncated
[  840.502080][ T5196]  loop2:
[  840.518603][ T5196] loop2: partition table partially beyond EOD, truncated
[  840.680578][ T5916] usb 1-1: USB disconnect, device number 85
[  841.095818][T17373] netlink: 92 bytes leftover after parsing attributes in process `syz.1.3670'.
[  841.444210][T17383] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3672'.
[  841.474143][T17383] veth2: entered promiscuous mode
[  841.479320][T17383] veth2: entered allmulticast mode
[  841.565042][T17384] netlink: 10 bytes leftover after parsing attributes in process `syz.1.3672'.
[  841.613670][ T5916] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[  841.719775][T17388] netlink: 10 bytes leftover after parsing attributes in process `syz.1.3672'.
[  841.861832][ T5916] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  841.901679][ T5916] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  841.924362][ T5916] usb 1-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00
[  841.942280][ T5916] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  841.958567][ T5916] usb 1-1: config 0 descriptor??
[  842.802503][T17402] fuse: Invalid rootmode
[  843.143160][T16785] usb 5-1: new full-speed USB device number 98 using dummy_hcd
[  843.305468][T16785] usb 5-1: config 8 has an invalid interface number: 101 but max is 0
[  843.319005][T16785] usb 5-1: config 8 has no interface number 0
[  843.334838][T16785] usb 5-1: config 8 interface 101 has no altsetting 0
[  843.362177][T16785] usb 5-1: New USB device found, idVendor=046d, idProduct=0960, bcdDevice=97.b4
[  843.389349][T16785] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  843.778143][T16785] usb 5-1: string descriptor 0 read error: -71
[  843.802156][T16785] gspca_main: sunplus-2.14.0 probing 046d:0960
[  843.870670][T16785] gspca_sunplus: reg_w_riv err -71
[  843.888719][T16785] sunplus 5-1:8.101: probe with driver sunplus failed with error -71
[  844.097333][T16785] usb 5-1: USB disconnect, device number 98
[  844.662698][T16785] usb 1-1: USB disconnect, device number 86
[  844.865928][T17424] netlink: 'syz.2.3685': attribute type 4 has an invalid length.
[  844.904041][T17423] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  844.911417][T17423] syzkaller0: entered promiscuous mode
[  844.924870][T17423] syzkaller0: entered allmulticast mode
[  844.942346][T17425] netlink: 'syz.2.3685': attribute type 4 has an invalid length.
[  845.074000][T17423] tipc: Resetting bearer <eth:syzkaller0>
[  845.304103][T17422] tipc: Resetting bearer <eth:syzkaller0>
[  845.508083][T17422] tipc: Disabling bearer <eth:syzkaller0>
[  845.953056][ T5828] usb 2-1: new high-speed USB device number 87 using dummy_hcd
[  846.129315][ T5828] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  846.156654][ T5828] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  846.162340][T17443] loop3: detected capacity change from 0 to 1
[  846.173892][ T5828] usb 2-1: config 0 descriptor??
[  846.180110][T17440] 8021q: adding VLAN 0 to HW filter on device bond4
[  846.192083][ T5828] cp210x 2-1:0.0: cp210x converter detected
[  846.204625][T17443] Dev loop3: unable to read RDB block 1
[  846.210295][T17443]  loop3: unable to read partition table
[  846.216764][T17443] loop3: partition table beyond EOD, truncated
[  846.224724][T17443] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5)
[  846.252442][T17444] bond3: (slave veth0_to_bond): Releasing backup interface
[  846.289116][T17444] bond4: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  846.531032][T17455] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3695'.
[  847.090204][ T5828] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[  847.161015][ T5828] usb 2-1: cp210x converter now attached to ttyUSB0
[  847.339504][ T5889] usb 2-1: USB disconnect, device number 87
[  847.490075][ T5889] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  847.624402][ T5889] cp210x 2-1:0.0: device disconnected
[  848.002066][T17476] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3701'.
[  848.515049][ T5889] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[  848.697108][ T5889] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  848.712373][ T5889] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  848.932123][ T5889] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  848.983286][ T5889] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  849.021647][T17483] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  849.080131][ T5889] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  849.318257][T17498] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  849.353789][T17498] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  851.055481][ T5889] usb 5-1: new high-speed USB device number 99 using dummy_hcd
[  851.327513][T15096] usb 4-1: USB disconnect, device number 74
[  851.419281][ T5889] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  851.432285][ T5889] usb 5-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  851.458409][ T5889] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  851.494144][ T5889] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  851.558049][ T5889] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  851.579032][ T5889] usb 5-1: invalid MIDI out EP 0
[  851.654748][ T5889] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22
[  851.763992][T15096] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[  851.774823][T17511] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  851.806097][T17511] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  851.846833][ T5972] udevd[5972]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  851.933526][T15096] usb 4-1: Using ep0 maxpacket: 8
[  851.955226][T15096] usb 4-1: config 0 has an invalid interface number: 31 but max is 0
[  851.974736][T15096] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  851.987580][T15096] usb 4-1: config 0 has no interface number 0
[  852.015277][T15096] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  852.024548][T15096] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  852.032547][T15096] usb 4-1: Product: syz
[  852.066507][T15096] usb 4-1: Manufacturer: syz
[  852.071293][T15096] usb 4-1: SerialNumber: syz
[  852.086560][T15096] usb 4-1: config 0 descriptor??
[  852.171163][ T5941] usb 5-1: USB disconnect, device number 99
[  852.298900][T15096] uvcvideo 4-1:0.31: Found UVC 0.04 device syz (046d:08c3)
[  852.325419][T15096] uvcvideo 4-1:0.31: No valid video chain found.
[  852.403608][T17531] FAULT_INJECTION: forcing a failure.
[  852.403608][T17531] name failslab, interval 1, probability 0, space 0, times 0
[  852.436585][T17531] CPU: 0 UID: 0 PID: 17531 Comm: syz.2.3718 Not tainted syzkaller #0 PREEMPT(full) 
[  852.436611][T17531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  852.436624][T17531] Call Trace:
[  852.436632][T17531]  <TASK>
[  852.436640][T17531]  dump_stack_lvl+0x189/0x250
[  852.436665][T17531]  ? __pfx____ratelimit+0x10/0x10
[  852.436693][T17531]  ? __pfx_dump_stack_lvl+0x10/0x10
[  852.436714][T17531]  ? __pfx__printk+0x10/0x10
[  852.436741][T17531]  ? __pfx___might_resched+0x10/0x10
[  852.436762][T17531]  ? fs_reclaim_acquire+0x7d/0x100
[  852.436797][T17531]  should_fail_ex+0x414/0x560
[  852.436826][T17531]  should_failslab+0xa8/0x100
[  852.436847][T17531]  kmem_cache_alloc_node_noprof+0x77/0x710
[  852.436875][T17531]  ? __alloc_skb+0x112/0x2d0
[  852.436894][T17531]  ? netlink_autobind+0xdb/0x300
[  852.436921][T17531]  __alloc_skb+0x112/0x2d0
[  852.436944][T17531]  netlink_sendmsg+0x5c6/0xb30
[  852.436974][T17531]  ? __pfx_netlink_sendmsg+0x10/0x10
[  852.436998][T17531]  ? aa_sock_msg_perm+0xf1/0x1d0
[  852.437027][T17531]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  852.437046][T17531]  ? __pfx_netlink_sendmsg+0x10/0x10
[  852.437069][T17531]  __sock_sendmsg+0x21c/0x270
[  852.437101][T17531]  ____sys_sendmsg+0x505/0x830
[  852.437130][T17531]  ? __pfx_____sys_sendmsg+0x10/0x10
[  852.437179][T17531]  ? import_iovec+0x74/0xa0
[  852.437202][T17531]  ___sys_sendmsg+0x21f/0x2a0
[  852.437228][T17531]  ? __pfx____sys_sendmsg+0x10/0x10
[  852.437287][T17531]  ? __fget_files+0x2a/0x420
[  852.437304][T17531]  ? __fget_files+0x3a0/0x420
[  852.437331][T17531]  __x64_sys_sendmsg+0x19b/0x260
[  852.437358][T17531]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  852.437392][T17531]  ? __pfx_ksys_write+0x10/0x10
[  852.437423][T17531]  ? do_syscall_64+0xbe/0xfa0
[  852.437451][T17531]  do_syscall_64+0xfa/0xfa0
[  852.437473][T17531]  ? lockdep_hardirqs_on+0x9c/0x150
[  852.437497][T17531]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  852.437517][T17531]  ? clear_bhb_loop+0x60/0xb0
[  852.437541][T17531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  852.437560][T17531] RIP: 0033:0x7f9a56b8eec9
[  852.437579][T17531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  852.437596][T17531] RSP: 002b:00007f9a57a4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  852.437617][T17531] RAX: ffffffffffffffda RBX: 00007f9a56de5fa0 RCX: 00007f9a56b8eec9
[  852.437632][T17531] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003
[  852.437645][T17531] RBP: 00007f9a57a4a090 R08: 0000000000000000 R09: 0000000000000000
[  852.437658][T17531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  852.437670][T17531] R13: 00007f9a56de6038 R14: 00007f9a56de5fa0 R15: 00007f9a56f0fa28
[  852.437703][T17531]  </TASK>
[  852.767187][T15096] usb 4-1: USB disconnect, device number 75
[  853.167787][T17541] FAULT_INJECTION: forcing a failure.
[  853.167787][T17541] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  853.189670][T17541] CPU: 0 UID: 0 PID: 17541 Comm: syz.4.3722 Not tainted syzkaller #0 PREEMPT(full) 
[  853.189698][T17541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  853.189709][T17541] Call Trace:
[  853.189718][T17541]  <TASK>
[  853.189727][T17541]  dump_stack_lvl+0x189/0x250
[  853.189753][T17541]  ? __pfx____ratelimit+0x10/0x10
[  853.189785][T17541]  ? __pfx_dump_stack_lvl+0x10/0x10
[  853.189806][T17541]  ? __pfx__printk+0x10/0x10
[  853.189827][T17541]  ? __might_fault+0xb0/0x130
[  853.189865][T17541]  should_fail_ex+0x414/0x560
[  853.189893][T17541]  _copy_from_user+0x2d/0xb0
[  853.189914][T17541]  sctp_getsockopt_pf_expose+0xb5/0x500
[  853.189947][T17541]  ? __pfx_sctp_getsockopt_pf_expose+0x10/0x10
[  853.189987][T17541]  sctp_getsockopt+0x465/0xb60
[  853.190013][T17541]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  853.190046][T17541]  do_sock_getsockopt+0x372/0x450
[  853.190072][T17541]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  853.190094][T17541]  ? do_syscall_64+0xa0/0xfa0
[  853.190117][T17541]  ? __fget_files+0x2a/0x420
[  853.190139][T17541]  ? __fget_files+0x3a0/0x420
[  853.190156][T17541]  ? __fget_files+0x2a/0x420
[  853.190181][T17541]  __x64_sys_getsockopt+0x1a5/0x250
[  853.190203][T17541]  ? do_syscall_64+0xa0/0xfa0
[  853.190228][T17541]  ? do_syscall_64+0xa0/0xfa0
[  853.190256][T17541]  do_syscall_64+0xfa/0xfa0
[  853.190278][T17541]  ? lockdep_hardirqs_on+0x9c/0x150
[  853.190302][T17541]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  853.190321][T17541]  ? clear_bhb_loop+0x60/0xb0
[  853.190346][T17541]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  853.190364][T17541] RIP: 0033:0x7f8ab9b8eec9
[  853.190382][T17541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  853.190400][T17541] RSP: 002b:00007f8abaa18038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  853.190421][T17541] RAX: ffffffffffffffda RBX: 00007f8ab9de5fa0 RCX: 00007f8ab9b8eec9
[  853.190436][T17541] RDX: 0000000000000083 RSI: 0000000000000084 RDI: 0000000000000003
[  853.190448][T17541] RBP: 00007f8abaa18090 R08: 0000200000000000 R09: 0000000000000000
[  853.190461][T17541] R10: 0000200000001c40 R11: 0000000000000246 R12: 0000000000000001
[  853.190475][T17541] R13: 00007f8ab9de6038 R14: 00007f8ab9de5fa0 R15: 00007f8ab9f0fa28
[  853.190509][T17541]  </TASK>
[  853.422889][ T5828] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[  853.809079][T17552] netlink: 1312 bytes leftover after parsing attributes in process `syz.3.3727'.
[  855.015369][T17579] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3734'.
[  855.352012][T17589] tipc: Cannot configure node identity twice
[  855.371954][T17590] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3740'.
[  855.531920][T17591] netlink: 100 bytes leftover after parsing attributes in process `syz.0.3740'.
[  855.543131][T15096] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[  855.721013][T17596] netlink: 'syz.0.3740': attribute type 5 has an invalid length.
[  855.777945][T17596] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.3740'.
[  856.643960][T15096] usb 5-1: new low-speed USB device number 101 using dummy_hcd
[  856.865444][ T5837] Bluetooth: hci0: command 0x0406 tx timeout
[  856.902764][T15096] usb 5-1: unable to get BOS descriptor or descriptor too short
[  856.951155][T15096] usb 5-1: config 1 interface 0 altsetting 7 endpoint 0x82 is Bulk; changing to Interrupt
[  856.971622][T15096] usb 5-1: config 1 interface 0 altsetting 7 endpoint 0x3 is Bulk; changing to Interrupt
[  856.993586][T15096] usb 5-1: config 1 interface 0 has no altsetting 0
[  857.005858][T15096] usb 5-1: string descriptor 0 read error: -22
[  857.012094][T15096] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  857.023054][T15096] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  857.050802][T17600] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  857.058464][T17600] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  857.081472][T15096] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  857.504160][T17632] netlink: 'syz.1.3751': attribute type 1 has an invalid length.
[  857.597561][T17632] 8021q: adding VLAN 0 to HW filter on device bond3
[  857.807572][T17636] bond3: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  858.142813][T17645] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3755'.
[  858.173054][T16785] usb 2-1: new high-speed USB device number 88 using dummy_hcd
[  858.259429][T17645] hsr_slave_1 (unregistering): left promiscuous mode
[  858.347816][T16785] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  858.375578][T16785] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  858.420846][T16785] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  858.430998][T16785] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  858.615713][T17649] input: syz1 as /devices/virtual/input/input56
[  858.642489][T16785] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  858.813965][T16785] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  858.907425][T15096] usb 5-1: USB disconnect, device number 101
[  858.916461][T16785] usb 2-1: config 0 descriptor??
[  859.178300][T17653] input: syz1 as /devices/virtual/input/input57
[  859.388267][T16785] plantronics 0003:047F:FFFF.0010: ignoring exceeding usage max
[  859.423244][T16785] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  859.953602][T17660] FAULT_INJECTION: forcing a failure.
[  859.953602][T17660] name failslab, interval 1, probability 0, space 0, times 0
[  860.020594][T17660] CPU: 1 UID: 0 PID: 17660 Comm: syz.2.3759 Not tainted syzkaller #0 PREEMPT(full) 
[  860.020622][T17660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  860.020635][T17660] Call Trace:
[  860.020643][T17660]  <TASK>
[  860.020652][T17660]  dump_stack_lvl+0x189/0x250
[  860.020681][T17660]  ? __pfx____ratelimit+0x10/0x10
[  860.020704][T17660]  ? __pfx_dump_stack_lvl+0x10/0x10
[  860.020717][T17660]  ? __pfx__printk+0x10/0x10
[  860.020731][T17660]  ? __pfx___might_resched+0x10/0x10
[  860.020743][T17660]  ? fs_reclaim_acquire+0x7d/0x100
[  860.020762][T17660]  should_fail_ex+0x414/0x560
[  860.020788][T17660]  should_failslab+0xa8/0x100
[  860.020809][T17660]  kmem_cache_alloc_node_noprof+0x77/0x710
[  860.020837][T17660]  ? __alloc_skb+0x112/0x2d0
[  860.020856][T17660]  ? netlink_autobind+0xdb/0x300
[  860.020871][T17660]  __alloc_skb+0x112/0x2d0
[  860.020884][T17660]  netlink_sendmsg+0x5c6/0xb30
[  860.020900][T17660]  ? __pfx_netlink_sendmsg+0x10/0x10
[  860.020913][T17660]  ? aa_sock_msg_perm+0xf1/0x1d0
[  860.020940][T17660]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  860.020959][T17660]  ? __pfx_netlink_sendmsg+0x10/0x10
[  860.020981][T17660]  __sock_sendmsg+0x21c/0x270
[  860.021010][T17660]  ____sys_sendmsg+0x505/0x830
[  860.021025][T17660]  ? __pfx_____sys_sendmsg+0x10/0x10
[  860.021042][T17660]  ? import_iovec+0x74/0xa0
[  860.021054][T17660]  ___sys_sendmsg+0x21f/0x2a0
[  860.021070][T17660]  ? __pfx____sys_sendmsg+0x10/0x10
[  860.021129][T17660]  ? __fget_files+0x2a/0x420
[  860.021146][T17660]  ? __fget_files+0x3a0/0x420
[  860.021165][T17660]  __x64_sys_sendmsg+0x19b/0x260
[  860.021178][T17660]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  860.021201][T17660]  ? __pfx_ksys_write+0x10/0x10
[  860.021220][T17660]  ? do_syscall_64+0xbe/0xfa0
[  860.021247][T17660]  do_syscall_64+0xfa/0xfa0
[  860.021269][T17660]  ? lockdep_hardirqs_on+0x9c/0x150
[  860.021293][T17660]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  860.021309][T17660]  ? clear_bhb_loop+0x60/0xb0
[  860.021322][T17660]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  860.021332][T17660] RIP: 0033:0x7f9a56b8eec9
[  860.021343][T17660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  860.021352][T17660] RSP: 002b:00007f9a57a4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  860.021365][T17660] RAX: ffffffffffffffda RBX: 00007f9a56de5fa0 RCX: 00007f9a56b8eec9
[  860.021379][T17660] RDX: 0000000000000050 RSI: 0000200000000dc0 RDI: 0000000000000003
[  860.021392][T17660] RBP: 00007f9a57a4a090 R08: 0000000000000000 R09: 0000000000000000
[  860.021405][T17660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  860.021417][T17660] R13: 00007f9a56de6038 R14: 00007f9a56de5fa0 R15: 00007f9a56f0fa28
[  860.021450][T17660]  </TASK>
[  860.292486][    C1] vkms_vblank_simulate: vblank timer overrun
[  860.471886][T17668] fuse: Unknown parameter 'group_id00000000000000000000'
[  860.753977][T17674] netlink: 'syz.2.3764': attribute type 1 has an invalid length.
[  860.877579][T17674] 8021q: adding VLAN 0 to HW filter on device bond2
[  860.907882][T17676] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  860.977677][T17679] netlink: 1312 bytes leftover after parsing attributes in process `syz.4.3765'.
[  861.097420][T17681] FAULT_INJECTION: forcing a failure.
[  861.097420][T17681] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  861.153220][T17681] CPU: 1 UID: 0 PID: 17681 Comm: syz.2.3766 Not tainted syzkaller #0 PREEMPT(full) 
[  861.153247][T17681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  861.153261][T17681] Call Trace:
[  861.153269][T17681]  <TASK>
[  861.153278][T17681]  dump_stack_lvl+0x189/0x250
[  861.153304][T17681]  ? __pfx____ratelimit+0x10/0x10
[  861.153327][T17681]  ? __pfx_dump_stack_lvl+0x10/0x10
[  861.153349][T17681]  ? __pfx__printk+0x10/0x10
[  861.153370][T17681]  ? __might_fault+0xb0/0x130
[  861.153407][T17681]  should_fail_ex+0x414/0x560
[  861.153435][T17681]  _copy_from_user+0x2d/0xb0
[  861.153455][T17681]  ucma_resolve_ip+0x9a/0x280
[  861.153491][T17681]  ? __pfx_ucma_resolve_ip+0x10/0x10
[  861.153535][T17681]  ucma_write+0x246/0x2e0
[  861.153564][T17681]  ? __pfx_ucma_write+0x10/0x10
[  861.153589][T17681]  ? security_file_permission+0x75/0x290
[  861.153612][T17681]  ? rw_verify_area+0x255/0x4d0
[  861.153637][T17681]  ? __lock_acquire+0xab9/0xd20
[  861.153655][T17681]  ? __pfx_ucma_write+0x10/0x10
[  861.153687][T17681]  vfs_write+0x27b/0xb30
[  861.153722][T17681]  ? __pfx_vfs_write+0x10/0x10
[  861.153749][T17681]  ? __fget_files+0x2a/0x420
[  861.153770][T17681]  ? __fget_files+0x2a/0x420
[  861.153787][T17681]  ? __fget_files+0x3a0/0x420
[  861.153803][T17681]  ? __fget_files+0x2a/0x420
[  861.153829][T17681]  ksys_write+0x145/0x250
[  861.153858][T17681]  ? __pfx_ksys_write+0x10/0x10
[  861.153888][T17681]  ? do_syscall_64+0xbe/0xfa0
[  861.153915][T17681]  do_syscall_64+0xfa/0xfa0
[  861.153938][T17681]  ? lockdep_hardirqs_on+0x9c/0x150
[  861.153965][T17681]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  861.153984][T17681]  ? clear_bhb_loop+0x60/0xb0
[  861.154007][T17681]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  861.154027][T17681] RIP: 0033:0x7f9a56b8eec9
[  861.154053][T17681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  861.154070][T17681] RSP: 002b:00007f9a57a4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  861.154091][T17681] RAX: ffffffffffffffda RBX: 00007f9a56de5fa0 RCX: 00007f9a56b8eec9
[  861.154106][T17681] RDX: 0000000000000048 RSI: 0000200000000100 RDI: 0000000000000003
[  861.154119][T17681] RBP: 00007f9a57a4a090 R08: 0000000000000000 R09: 0000000000000000
[  861.154132][T17681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  861.154144][T17681] R13: 00007f9a56de6038 R14: 00007f9a56de5fa0 R15: 00007f9a56f0fa28
[  861.154177][T17681]  </TASK>
[  861.403406][    C1] vkms_vblank_simulate: vblank timer overrun
[  861.759852][ T5889] usb 2-1: USB disconnect, device number 88
[  861.764960][T17685] loop6: detected capacity change from 0 to 7
[  861.790375][T17685] Dev loop6: unable to read RDB block 7
[  861.798085][T17685]  loop6: AHDI p2 p3 p4
[  861.802283][T17685] loop6: partition table partially beyond EOD, truncated
[  861.819894][T17685] loop6: p2 size 47 extends beyond EOD, truncated
[  861.888140][T17685] loop6: p3 start 1886353253 is beyond EOD, truncated
[  862.223817][T15096] usb 1-1: new low-speed USB device number 87 using dummy_hcd
[  862.280770][T15193] udevd[15193]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  862.406786][T15096] usb 1-1: unable to get BOS descriptor or descriptor too short
[  862.436357][T15096] usb 1-1: config 1 interface 0 altsetting 7 endpoint 0x82 is Bulk; changing to Interrupt
[  862.542863][T15096] usb 1-1: config 1 interface 0 altsetting 7 endpoint 0x3 is Bulk; changing to Interrupt
[  862.613232][T15096] usb 1-1: config 1 interface 0 has no altsetting 0
[  862.665090][T15096] usb 1-1: string descriptor 0 read error: -22
[  862.682480][T15096] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  862.708850][T15096] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  862.769194][T17683] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  862.779273][T17683] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  862.800353][T15096] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  863.023046][ T5911] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[  863.164163][ T5911] usb 3-1: device descriptor read/64, error -71
[  863.293218][T16785] usb 5-1: new full-speed USB device number 102 using dummy_hcd
[  863.413298][ T5911] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[  863.455133][T16785] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  863.469468][T16785] usb 5-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  863.479167][T16785] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  863.493633][T16785] usb 5-1: Product: syz
[  863.499606][T16785] usb 5-1: Manufacturer: syz
[  863.508130][T16785] usb 5-1: SerialNumber: syz
[  863.534409][T16785] usb 5-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  863.553126][T15096] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[  863.553204][ T5911] usb 3-1: device descriptor read/64, error -71
[  863.634276][ T5828] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[  863.673640][ T5911] usb usb3-port1: attempt power cycle
[  863.793078][ T5828] usb 2-1: Using ep0 maxpacket: 8
[  863.799932][ T5828] usb 2-1: config 0 has an invalid interface number: 56 but max is 0
[  863.808146][ T5828] usb 2-1: config 0 has no interface number 0
[  863.817423][ T5828] usb 2-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  863.827127][ T5828] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  863.836358][ T5828] usb 2-1: Product: syz
[  863.840750][ T5828] usb 2-1: Manufacturer: syz
[  863.845431][ T5828] usb 2-1: SerialNumber: syz
[  863.852343][ T5828] usb 2-1: config 0 descriptor??
[  863.860612][ T5828] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  863.868873][ T5828] pctv452e: pctv452e_power_ctrl: 1
[  863.868873][ T5828] 
[  863.876258][ T5828] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  863.876258][ T5828] 
[  863.886577][ T5828] dvb-usb: bulk message failed: -22 (5/0)
[  863.895260][ T5828] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  863.905403][ T5828] dvbdev: DVB: registering new adapter (Technotrend TT Connect S2-3600)
[  863.913974][ T5828] usb 2-1: media controller created
[  863.919716][ T5828] dvb-usb: bulk message failed: -22 (8/0)
[  863.926074][ T5828] pctv452e: I2C error -22; AA 01  A0 01 14 -> aa 01 31 04 a0 01 14
[  863.938849][ T5828] dvb-usb: MAC address reading failed.
[  863.958294][ T5828] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  864.002358][ T5828] DVB: Unable to find symbol stb0899_attach()
[  864.008529][ T5828] dvb-usb: no frontend was attached by 'Technotrend TT Connect S2-3600'
[  864.017065][ T5911] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[  864.043828][ T5911] usb 3-1: device descriptor read/8, error -71
[  864.063465][T15096] usb 4-1: device descriptor read/64, error -71
[  864.070158][T17708] dvb-usb: bulk message failed: -22 (7/0)
[  864.076789][T17708] pctv452e: I2C error -22; AA 02  04 00 02 -> aa 02 31 03 04 00 02
[  864.084929][ T5828] rc_core: IR keymap rc-tt-1500 not found
[  864.091799][ T5828] Registered IR keymap rc-empty
[  864.099845][ T5828] rc rc0: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0
[  864.111637][ T5828] input: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input58
[  864.124149][ T5828] dvb-usb: schedule remote query interval to 100 msecs.
[  864.131136][ T5828] pctv452e: pctv452e_power_ctrl: 0
[  864.131136][ T5828] 
[  864.142600][ T5828] dvb-usb: Technotrend TT Connect S2-3600 successfully initialized and connected.
[  864.152759][T16785] usb 5-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter)
[  864.172700][ T5828] usb 2-1: USB disconnect, device number 89
[  864.186869][T16785] usb 5-1: USB disconnect, device number 102
[  864.261409][ T5828] dvb-usb: Technotrend TT Connect S2-3600 successfully deinitialized and disconnected.
[  864.293053][ T5911] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[  864.313361][T15096] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[  864.315884][ T5911] usb 3-1: device descriptor read/8, error -71
[  864.433428][ T5911] usb usb3-port1: unable to enumerate USB device
[  864.453039][T15096] usb 4-1: device descriptor read/64, error -71
[  864.563309][T15096] usb usb4-port1: attempt power cycle
[  864.677182][T17716] netlink: 1312 bytes leftover after parsing attributes in process `syz.1.3780'.
[  864.722882][ T5828] usb 1-1: USB disconnect, device number 87
[  864.903095][T15096] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[  864.936925][T15096] usb 4-1: device descriptor read/8, error -71
[  865.030213][T17727] FAULT_INJECTION: forcing a failure.
[  865.030213][T17727] name failslab, interval 1, probability 0, space 0, times 0
[  865.043519][T17727] CPU: 1 UID: 0 PID: 17727 Comm: syz.4.3786 Not tainted syzkaller #0 PREEMPT(full) 
[  865.043545][T17727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  865.043558][T17727] Call Trace:
[  865.043565][T17727]  <TASK>
[  865.043572][T17727]  dump_stack_lvl+0x189/0x250
[  865.043595][T17727]  ? __pfx____ratelimit+0x10/0x10
[  865.043615][T17727]  ? __pfx_dump_stack_lvl+0x10/0x10
[  865.043633][T17727]  ? __pfx__printk+0x10/0x10
[  865.043655][T17727]  ? __pfx___might_resched+0x10/0x10
[  865.043673][T17727]  ? fs_reclaim_acquire+0x7d/0x100
[  865.043702][T17727]  should_fail_ex+0x414/0x560
[  865.043727][T17727]  should_failslab+0xa8/0x100
[  865.043745][T17727]  kmem_cache_alloc_node_noprof+0x77/0x710
[  865.043768][T17727]  ? __alloc_skb+0x112/0x2d0
[  865.043784][T17727]  ? netlink_autobind+0xdb/0x300
[  865.043807][T17727]  __alloc_skb+0x112/0x2d0
[  865.043827][T17727]  netlink_sendmsg+0x5c6/0xb30
[  865.043852][T17727]  ? __pfx_netlink_sendmsg+0x10/0x10
[  865.043872][T17727]  ? aa_sock_msg_perm+0xf1/0x1d0
[  865.043896][T17727]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  865.043912][T17727]  ? __pfx_netlink_sendmsg+0x10/0x10
[  865.043931][T17727]  __sock_sendmsg+0x21c/0x270
[  865.043963][T17727]  ____sys_sendmsg+0x505/0x830
[  865.043987][T17727]  ? __pfx_____sys_sendmsg+0x10/0x10
[  865.044014][T17727]  ? import_iovec+0x74/0xa0
[  865.044033][T17727]  ___sys_sendmsg+0x21f/0x2a0
[  865.044054][T17727]  ? __pfx____sys_sendmsg+0x10/0x10
[  865.044103][T17727]  ? __fget_files+0x2a/0x420
[  865.044118][T17727]  ? __fget_files+0x3a0/0x420
[  865.044141][T17727]  __x64_sys_sendmsg+0x19b/0x260
[  865.044163][T17727]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  865.044191][T17727]  ? __pfx_ksys_write+0x10/0x10
[  865.044217][T17727]  ? do_syscall_64+0xbe/0xfa0
[  865.044240][T17727]  do_syscall_64+0xfa/0xfa0
[  865.044258][T17727]  ? lockdep_hardirqs_on+0x9c/0x150
[  865.044278][T17727]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  865.044295][T17727]  ? clear_bhb_loop+0x60/0xb0
[  865.044315][T17727]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  865.044331][T17727] RIP: 0033:0x7f8ab9b8eec9
[  865.044347][T17727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  865.044363][T17727] RSP: 002b:00007f8abaa18038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  865.044382][T17727] RAX: ffffffffffffffda RBX: 00007f8ab9de5fa0 RCX: 00007f8ab9b8eec9
[  865.044395][T17727] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000003
[  865.044406][T17727] RBP: 00007f8abaa18090 R08: 0000000000000000 R09: 0000000000000000
[  865.044417][T17727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  865.044428][T17727] R13: 00007f8ab9de6038 R14: 00007f8ab9de5fa0 R15: 00007f8ab9f0fa28
[  865.044455][T17727]  </TASK>
[  865.154242][ T5828] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[  865.207950][T17729] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3787'.
[  865.343327][ T5828] usb 1-1: device descriptor read/64, error -71
[  865.403075][T15096] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[  865.423550][T15096] usb 4-1: device descriptor read/8, error -71
[  865.489303][T17731] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3788'.
[  865.533821][T15096] usb usb4-port1: unable to enumerate USB device
[  865.603458][ T5828] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[  865.733565][ T5828] usb 1-1: device descriptor read/64, error -71
[  865.853294][ T5828] usb usb1-port1: attempt power cycle
[  866.063050][T15096] usb 2-1: new high-speed USB device number 90 using dummy_hcd
[  866.076844][T17756] FAULT_INJECTION: forcing a failure.
[  866.076844][T17756] name failslab, interval 1, probability 0, space 0, times 0
[  866.091317][T17756] CPU: 0 UID: 0 PID: 17756 Comm: syz.4.3795 Not tainted syzkaller #0 PREEMPT(full) 
[  866.091343][T17756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  866.091354][T17756] Call Trace:
[  866.091362][T17756]  <TASK>
[  866.091371][T17756]  dump_stack_lvl+0x189/0x250
[  866.091396][T17756]  ? __pfx____ratelimit+0x10/0x10
[  866.091418][T17756]  ? __pfx_dump_stack_lvl+0x10/0x10
[  866.091438][T17756]  ? __pfx__printk+0x10/0x10
[  866.091464][T17756]  ? __pfx___might_resched+0x10/0x10
[  866.091485][T17756]  ? fs_reclaim_acquire+0x7d/0x100
[  866.091517][T17756]  should_fail_ex+0x414/0x560
[  866.091543][T17756]  should_failslab+0xa8/0x100
[  866.091563][T17756]  kmem_cache_alloc_node_noprof+0x77/0x710
[  866.091599][T17756]  ? __alloc_skb+0x112/0x2d0
[  866.091617][T17756]  ? netlink_autobind+0xdb/0x300
[  866.091643][T17756]  __alloc_skb+0x112/0x2d0
[  866.091666][T17756]  netlink_sendmsg+0x5c6/0xb30
[  866.091693][T17756]  ? __pfx_netlink_sendmsg+0x10/0x10
[  866.091718][T17756]  ? aa_sock_msg_perm+0xf1/0x1d0
[  866.091746][T17756]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  866.091765][T17756]  ? __pfx_netlink_sendmsg+0x10/0x10
[  866.091786][T17756]  __sock_sendmsg+0x21c/0x270
[  866.091815][T17756]  ____sys_sendmsg+0x505/0x830
[  866.091843][T17756]  ? __pfx_____sys_sendmsg+0x10/0x10
[  866.091874][T17756]  ? import_iovec+0x74/0xa0
[  866.091895][T17756]  ___sys_sendmsg+0x21f/0x2a0
[  866.091920][T17756]  ? __pfx____sys_sendmsg+0x10/0x10
[  866.091978][T17756]  ? __fget_files+0x2a/0x420
[  866.091996][T17756]  ? __fget_files+0x3a0/0x420
[  866.092023][T17756]  __x64_sys_sendmsg+0x19b/0x260
[  866.092048][T17756]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  866.092080][T17756]  ? __pfx_ksys_write+0x10/0x10
[  866.092109][T17756]  ? do_syscall_64+0xbe/0xfa0
[  866.092134][T17756]  do_syscall_64+0xfa/0xfa0
[  866.092154][T17756]  ? lockdep_hardirqs_on+0x9c/0x150
[  866.092176][T17756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  866.092195][T17756]  ? clear_bhb_loop+0x60/0xb0
[  866.092216][T17756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  866.092235][T17756] RIP: 0033:0x7f8ab9b8eec9
[  866.092252][T17756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  866.092268][T17756] RSP: 002b:00007f8abaa18038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  866.092290][T17756] RAX: ffffffffffffffda RBX: 00007f8ab9de5fa0 RCX: 00007f8ab9b8eec9
[  866.092305][T17756] RDX: 0000000020000004 RSI: 0000200000000200 RDI: 0000000000000004
[  866.092319][T17756] RBP: 00007f8abaa18090 R08: 0000000000000000 R09: 0000000000000000
[  866.092332][T17756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  866.092344][T17756] R13: 00007f8ab9de6038 R14: 00007f8ab9de5fa0 R15: 00007f8ab9f0fa28
[  866.092377][T17756]  </TASK>
[  866.473318][T15096] usb 2-1: Using ep0 maxpacket: 8
[  866.483108][ T5828] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[  866.484930][T15096] usb 2-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  866.502008][T15096] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  866.511464][ T5828] usb 1-1: device descriptor read/8, error -71
[  866.520683][T15096] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  866.530959][T15096] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  866.539247][T15096] usb 2-1: Product: syz
[  866.656167][T15096] usb 2-1: Manufacturer: syz
[  866.663000][T15096] usb 2-1: SerialNumber: syz
[  866.684590][T15096] usb 2-1: config 0 descriptor??
[  866.753092][ T5828] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[  866.774695][ T5828] usb 1-1: device descriptor read/8, error -71
[  866.859847][T17767] FAULT_INJECTION: forcing a failure.
[  866.859847][T17767] name failslab, interval 1, probability 0, space 0, times 0
[  866.875426][T17767] CPU: 1 UID: 0 PID: 17767 Comm: syz.3.3798 Not tainted syzkaller #0 PREEMPT(full) 
[  866.875443][T17767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  866.875450][T17767] Call Trace:
[  866.875455][T17767]  <TASK>
[  866.875460][T17767]  dump_stack_lvl+0x189/0x250
[  866.875476][T17767]  ? __pfx____ratelimit+0x10/0x10
[  866.875489][T17767]  ? __pfx_dump_stack_lvl+0x10/0x10
[  866.875500][T17767]  ? __pfx__printk+0x10/0x10
[  866.875514][T17767]  ? __pfx___might_resched+0x10/0x10
[  866.875525][T17767]  ? fs_reclaim_acquire+0x7d/0x100
[  866.875544][T17767]  should_fail_ex+0x414/0x560
[  866.875559][T17767]  should_failslab+0xa8/0x100
[  866.875571][T17767]  kmem_cache_alloc_node_noprof+0x77/0x710
[  866.875585][T17767]  ? __alloc_skb+0x112/0x2d0
[  866.875596][T17767]  ? netlink_autobind+0xdb/0x300
[  866.875610][T17767]  __alloc_skb+0x112/0x2d0
[  866.875622][T17767]  netlink_sendmsg+0x5c6/0xb30
[  866.875638][T17767]  ? __pfx_netlink_sendmsg+0x10/0x10
[  866.875650][T17767]  ? aa_sock_msg_perm+0xf1/0x1d0
[  866.875666][T17767]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  866.875676][T17767]  ? __pfx_netlink_sendmsg+0x10/0x10
[  866.875687][T17767]  __sock_sendmsg+0x21c/0x270
[  866.875704][T17767]  ____sys_sendmsg+0x505/0x830
[  866.875725][T17767]  ? __pfx_____sys_sendmsg+0x10/0x10
[  866.875742][T17767]  ? import_iovec+0x74/0xa0
[  866.875754][T17767]  ___sys_sendmsg+0x21f/0x2a0
[  866.875768][T17767]  ? __pfx____sys_sendmsg+0x10/0x10
[  866.875798][T17767]  ? __fget_files+0x2a/0x420
[  866.875807][T17767]  ? __fget_files+0x3a0/0x420
[  866.875821][T17767]  __x64_sys_sendmsg+0x19b/0x260
[  866.875835][T17767]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  866.875857][T17767]  ? __pfx_ksys_write+0x10/0x10
[  866.875874][T17767]  ? do_syscall_64+0xbe/0xfa0
[  866.875888][T17767]  do_syscall_64+0xfa/0xfa0
[  866.875900][T17767]  ? lockdep_hardirqs_on+0x9c/0x150
[  866.875912][T17767]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  866.875923][T17767]  ? clear_bhb_loop+0x60/0xb0
[  866.875935][T17767]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  866.875945][T17767] RIP: 0033:0x7f4f53b8eec9
[  866.875956][T17767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  866.875965][T17767] RSP: 002b:00007f4f54afd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  866.875976][T17767] RAX: ffffffffffffffda RBX: 00007f4f53de5fa0 RCX: 00007f4f53b8eec9
[  866.875984][T17767] RDX: 0000000000000000 RSI: 00002000000035c0 RDI: 0000000000000003
[  866.875991][T17767] RBP: 00007f4f54afd090 R08: 0000000000000000 R09: 0000000000000000
[  866.875997][T17767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  866.876003][T17767] R13: 00007f4f53de6038 R14: 00007f4f53de5fa0 R15: 00007f4f53f0fa28
[  866.876020][T17767]  </TASK>
[  867.168691][ T5828] usb usb1-port1: unable to enumerate USB device
[  867.224807][ T5828] usb 2-1: USB disconnect, device number 90
[  867.537852][T17774] FAULT_INJECTION: forcing a failure.
[  867.537852][T17774] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  867.562719][T17774] CPU: 0 UID: 0 PID: 17774 Comm: syz.2.3802 Not tainted syzkaller #0 PREEMPT(full) 
[  867.562744][T17774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  867.562756][T17774] Call Trace:
[  867.562764][T17774]  <TASK>
[  867.562773][T17774]  dump_stack_lvl+0x189/0x250
[  867.562797][T17774]  ? __pfx____ratelimit+0x10/0x10
[  867.562818][T17774]  ? __pfx_dump_stack_lvl+0x10/0x10
[  867.562839][T17774]  ? __pfx__printk+0x10/0x10
[  867.562870][T17774]  should_fail_ex+0x414/0x560
[  867.562898][T17774]  _copy_to_user+0x31/0xb0
[  867.562919][T17774]  simple_read_from_buffer+0xe1/0x170
[  867.562953][T17774]  proc_fail_nth_read+0x1b3/0x220
[  867.562978][T17774]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  867.563005][T17774]  ? rw_verify_area+0x2a6/0x4d0
[  867.563029][T17774]  ? __lock_acquire+0xab9/0xd20
[  867.563046][T17774]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  867.563070][T17774]  vfs_read+0x200/0xa30
[  867.563093][T17774]  ? fdget_pos+0x247/0x320
[  867.563113][T17774]  ? __pfx___mutex_lock+0x10/0x10
[  867.563139][T17774]  ? __pfx_vfs_read+0x10/0x10
[  867.563167][T17774]  ? __fget_files+0x2a/0x420
[  867.563186][T17774]  ? __fget_files+0x3a0/0x420
[  867.563201][T17774]  ? __fget_files+0x2a/0x420
[  867.563225][T17774]  ksys_read+0x145/0x250
[  867.563253][T17774]  ? __pfx_ksys_read+0x10/0x10
[  867.563278][T17774]  ? do_syscall_64+0xbe/0xfa0
[  867.563305][T17774]  do_syscall_64+0xfa/0xfa0
[  867.563326][T17774]  ? lockdep_hardirqs_on+0x9c/0x150
[  867.563349][T17774]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  867.563368][T17774]  ? clear_bhb_loop+0x60/0xb0
[  867.563391][T17774]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  867.563410][T17774] RIP: 0033:0x7f9a56b8d8dc
[  867.563427][T17774] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  867.563445][T17774] RSP: 002b:00007f9a57a4a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  867.563466][T17774] RAX: ffffffffffffffda RBX: 00007f9a56de5fa0 RCX: 00007f9a56b8d8dc
[  867.563482][T17774] RDX: 000000000000000f RSI: 00007f9a57a4a0a0 RDI: 0000000000000004
[  867.563495][T17774] RBP: 00007f9a57a4a090 R08: 0000000000000000 R09: 0000000000000000
[  867.563506][T17774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  867.563517][T17774] R13: 00007f9a56de6038 R14: 00007f9a56de5fa0 R15: 00007f9a56f0fa28
[  867.563558][T17774]  </TASK>
[  867.857994][T17778] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3803'.
[  868.553250][T17797] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3808'.
[  868.716266][T17801] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3810'.
[  868.889335][T17801] bond4: (slave veth0_to_bond): Releasing backup interface
[  869.967609][T17817] program syz.2.3816 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  869.983790][T16785] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[  870.137308][T16785] usb 4-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  870.147893][T16785] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  870.157709][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  870.164047][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  870.204735][T16785] usb 4-1: Product: syz
[  870.213327][T16785] usb 4-1: Manufacturer: syz
[  870.223064][T16785] usb 4-1: SerialNumber: syz
[  870.352812][T16785] r8152-cfgselector 4-1: Unknown version 0x0000
[  870.359932][T16785] r8152-cfgselector 4-1: config 0 descriptor??
[  870.367061][T17824] FAULT_INJECTION: forcing a failure.
[  870.367061][T17824] name failslab, interval 1, probability 0, space 0, times 0
[  870.443090][T17824] CPU: 0 UID: 0 PID: 17824 Comm: syz.4.3819 Not tainted syzkaller #0 PREEMPT(full) 
[  870.443117][T17824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  870.443130][T17824] Call Trace:
[  870.443142][T17824]  <TASK>
[  870.443151][T17824]  dump_stack_lvl+0x189/0x250
[  870.443177][T17824]  ? __pfx____ratelimit+0x10/0x10
[  870.443200][T17824]  ? __pfx_dump_stack_lvl+0x10/0x10
[  870.443220][T17824]  ? __pfx__printk+0x10/0x10
[  870.443244][T17824]  ? __pfx___might_resched+0x10/0x10
[  870.443264][T17824]  ? fs_reclaim_acquire+0x7d/0x100
[  870.443298][T17824]  should_fail_ex+0x414/0x560
[  870.443327][T17824]  should_failslab+0xa8/0x100
[  870.443348][T17824]  kmem_cache_alloc_node_noprof+0x77/0x710
[  870.443376][T17824]  ? __alloc_skb+0x112/0x2d0
[  870.443396][T17824]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  870.443424][T17824]  __alloc_skb+0x112/0x2d0
[  870.443449][T17824]  pfkey_sendmsg+0x1dd/0x1090
[  870.443474][T17824]  ? __lock_acquire+0xab9/0xd20
[  870.443503][T17824]  ? __pfx___might_resched+0x10/0x10
[  870.443530][T17824]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  870.443558][T17824]  ? aa_sk_perm+0x81e/0x950
[  870.443583][T17824]  ? __pfx_aa_sk_perm+0x10/0x10
[  870.443604][T17824]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  870.443635][T17824]  ? aa_sock_msg_perm+0xf1/0x1d0
[  870.443661][T17824]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  870.443679][T17824]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  870.443702][T17824]  __sock_sendmsg+0x21c/0x270
[  870.443733][T17824]  ____sys_sendmsg+0x505/0x830
[  870.443762][T17824]  ? __pfx_____sys_sendmsg+0x10/0x10
[  870.443795][T17824]  ? import_iovec+0x74/0xa0
[  870.443817][T17824]  ___sys_sendmsg+0x21f/0x2a0
[  870.443842][T17824]  ? __pfx____sys_sendmsg+0x10/0x10
[  870.443901][T17824]  ? __fget_files+0x2a/0x420
[  870.443918][T17824]  ? __fget_files+0x3a0/0x420
[  870.443946][T17824]  __x64_sys_sendmsg+0x19b/0x260
[  870.443972][T17824]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  870.444005][T17824]  ? __pfx_ksys_write+0x10/0x10
[  870.444035][T17824]  ? do_syscall_64+0xbe/0xfa0
[  870.444063][T17824]  do_syscall_64+0xfa/0xfa0
[  870.444084][T17824]  ? lockdep_hardirqs_on+0x9c/0x150
[  870.444108][T17824]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  870.444128][T17824]  ? clear_bhb_loop+0x60/0xb0
[  870.444152][T17824]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  870.444171][T17824] RIP: 0033:0x7f8ab9b8eec9
[  870.444189][T17824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  870.444206][T17824] RSP: 002b:00007f8abaa18038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  870.444226][T17824] RAX: ffffffffffffffda RBX: 00007f8ab9de5fa0 RCX: 00007f8ab9b8eec9
[  870.444241][T17824] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  870.444254][T17824] RBP: 00007f8abaa18090 R08: 0000000000000000 R09: 0000000000000000
[  870.444266][T17824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  870.444278][T17824] R13: 00007f8ab9de6038 R14: 00007f8ab9de5fa0 R15: 00007f8ab9f0fa28
[  870.444310][T17824]  </TASK>
[  871.321746][T17844] netlink: 'syz.0.3825': attribute type 5 has an invalid length.
[  871.468169][T17843] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  871.494423][T17846] syzkaller0: entered promiscuous mode
[  871.500271][T17846] syzkaller0: entered allmulticast mode
[  871.605653][T17843] tipc: Resetting bearer <eth:syzkaller0>
[  872.226879][T17832] tipc: Resetting bearer <eth:syzkaller0>
[  872.300229][T17832] tipc: Disabling bearer <eth:syzkaller0>
[  872.643138][T16785] r8152-cfgselector 4-1: Unknown version 0x0000
[  872.649948][T16785] r8152-cfgselector 4-1: bad CDC descriptors
[  872.729331][T16785] r8152-cfgselector 4-1: USB disconnect, device number 80
[  872.740813][T17860] binder: 17858:17860 ioctl c018620c 200000000000 returned -22
[  872.993874][T17869] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3831'.
[  873.008038][T17869] netlink: 'syz.2.3831': attribute type 13 has an invalid length.
[  873.052626][   T30] audit: type=1326 audit(1760051203.062:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17858 comm="syz.4.3832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ab9b8eec9 code=0x7ffc0000
[  873.106463][   T30] audit: type=1326 audit(1760051203.062:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17858 comm="syz.4.3832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7f8ab9b8eec9 code=0x7ffc0000
[  873.130889][   T30] audit: type=1326 audit(1760051203.142:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17858 comm="syz.4.3832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ab9b8eec9 code=0x7ffc0000
[  873.349304][   T30] audit: type=1326 audit(1760051203.142:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17858 comm="syz.4.3832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ab9b8eec9 code=0x7ffc0000
[  873.383219][T16785] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[  873.577783][T16785] usb 1-1: Using ep0 maxpacket: 32
[  873.584058][T17869] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  873.602224][T16785] usb 1-1: too many configurations: 87, using maximum allowed: 8
[  873.613560][T16785] usb 1-1: unable to read config index 0 descriptor/start: -61
[  873.621239][T16785] usb 1-1: can't read configurations, error -61
[  873.754048][T16785] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[  873.883257][T17882] netlink: 'syz.3.3837': attribute type 6 has an invalid length.
[  873.975628][T16785] usb 1-1: Using ep0 maxpacket: 32
[  873.981723][T16785] usb 1-1: too many configurations: 87, using maximum allowed: 8
[  873.991909][T16785] usb 1-1: unable to read config index 0 descriptor/start: -61
[  874.001769][T16785] usb 1-1: can't read configurations, error -61
[  874.012114][T16785] usb usb1-port1: attempt power cycle
[  874.535708][T16785] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  874.585427][T16785] usb 1-1: Using ep0 maxpacket: 32
[  874.593982][T16785] usb 1-1: too many configurations: 87, using maximum allowed: 8
[  874.622455][T16785] usb 1-1: unable to read config index 0 descriptor/start: -61
[  874.661474][T16785] usb 1-1: can't read configurations, error -61
[  874.703116][ T5911] usb 5-1: new high-speed USB device number 103 using dummy_hcd
[  874.732702][T15096] usb 2-1: new high-speed USB device number 91 using dummy_hcd
[  874.805665][T16785] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[  874.918093][T15096] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  874.938305][T15096] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  874.952350][T15096] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  874.991863][T15096] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  875.007890][T16785] usb 1-1: Using ep0 maxpacket: 32
[  875.020986][T16785] usb 1-1: too many configurations: 87, using maximum allowed: 8
[  875.049509][T16785] usb 1-1: unable to read config index 0 descriptor/start: -61
[  875.078424][T16785] usb 1-1: can't read configurations, error -61
[  875.090508][T15096] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  875.117154][T15096] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  875.117636][T16785] usb usb1-port1: unable to enumerate USB device
[  875.215361][ T5911] usb 5-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51
[  875.222430][T15096] usb 2-1: Product: syz
[  875.232080][T15096] usb 2-1: Manufacturer: syz
[  875.276056][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  875.289905][T15096] cdc_wdm 2-1:1.0: skipping garbage
[  875.313984][T15096] cdc_wdm 2-1:1.0: skipping garbage
[  875.321719][ T5911] usb 5-1: Product: syz
[  875.325938][T15096] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22
[  875.346119][ T5911] usb 5-1: Manufacturer: syz
[  875.388410][ T5911] usb 5-1: SerialNumber: syz
[  875.452543][ T5911] usb 5-1: config 0 descriptor??
[  875.546197][ T5911] rndis_host 5-1:0.0: More than one union descriptor, skipping ...
[  875.554277][ T5911] usb 5-1: bad CDC descriptors
[  875.559435][ T5911] cdc_acm 5-1:0.0: More than one union descriptor, skipping ...
[  876.253126][ T5889] usb 3-1: new high-speed USB device number 106 using dummy_hcd
[  876.407622][ T5889] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  876.476610][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  876.485056][ T5889] usb 3-1: Product: syz
[  876.506564][ T5889] usb 3-1: Manufacturer: syz
[  876.529480][ T5889] usb 3-1: SerialNumber: syz
[  876.572204][ T5889] r8152-cfgselector 3-1: Unknown version 0x0000
[  876.589440][ T5889] r8152-cfgselector 3-1: config 0 descriptor??
[  877.735328][T16785] usb 2-1: USB disconnect, device number 91
[  877.891242][T17927] usb usb8: usbfs: process 17927 (syz.3.3853) did not claim interface 0 before use
[  878.012031][T17931] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3854'.
[  878.026223][T17931] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3854'.
[  878.037736][T17931] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3854'.
[  878.048224][T17931] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3854'.
[  878.060338][T17931] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3854'.
[  878.072934][T17931] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3854'.
[  878.090332][ T5828] usb 5-1: USB disconnect, device number 103
[  878.105630][T17931] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3854'.
[  878.129148][T17931] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3854'.
[  878.142184][T17931] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3854'.
[  878.155777][T17931] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3854'.
[  878.173107][T16785] usb 2-1: new high-speed USB device number 92 using dummy_hcd
[  878.323419][T16785] usb 2-1: Using ep0 maxpacket: 16
[  878.339215][T16785] usb 2-1: config 4 has an invalid interface number: 51 but max is 0
[  878.347802][T16785] usb 2-1: config 4 has no interface number 0
[  878.361476][T16785] usb 2-1: config 4 interface 51 altsetting 2 bulk endpoint 0x1 has invalid maxpacket 16
[  878.377247][T16785] usb 2-1: config 4 interface 51 has no altsetting 0
[  878.392210][T16785] usb 2-1: New USB device found, idVendor=954f, idProduct=4199, bcdDevice= f.76
[  878.402413][T16785] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  878.417287][T16785] usb 2-1: Product: syz
[  878.429831][T16785] usb 2-1: Manufacturer: syz
[  878.443961][T16785] usb 2-1: SerialNumber: syz
[  878.459170][T17925] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  878.482156][T16785] cdc_eem 2-1:4.51: probe with driver cdc_eem failed with error -22
[  878.563062][ T5828] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[  878.713709][ T5828] usb 5-1: Using ep0 maxpacket: 8
[  878.726474][ T5828] usb 5-1: config 0 has an invalid interface number: 148 but max is 0
[  878.733041][ T5941] usb 4-1: new high-speed USB device number 81 using dummy_hcd
[  878.735107][ T5828] usb 5-1: config 0 has no interface number 0
[  878.752115][ T5828] usb 5-1: New USB device found, idVendor=0d46, idProduct=2012, bcdDevice=4d.36
[  878.761496][ T5828] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  878.769685][ T5828] usb 5-1: Product: syz
[  878.774122][ T5828] usb 5-1: Manufacturer: syz
[  878.779810][ T5828] usb 5-1: SerialNumber: syz
[  878.800927][ T5828] usb 5-1: config 0 descriptor??
[  878.833999][ T5828] kobil_sct 5-1:0.148: KOBIL USB smart card terminal converter detected
[  878.861656][ T5828] usb 5-1: KOBIL USB smart card terminal converter now attached to ttyUSB0
[  878.923004][ T5941] usb 4-1: Using ep0 maxpacket: 32
[  878.950313][ T5941] usb 4-1: unable to get BOS descriptor or descriptor too short
[  878.989549][ T5941] usb 4-1: config 7 has an invalid interface number: 128 but max is 0
[  878.997935][ T5941] usb 4-1: config 7 contains an unexpected descriptor of type 0x1, skipping
[  879.043843][ T5941] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  879.063904][ T5889] r8152-cfgselector 3-1: Unknown version 0x0000
[  879.100341][ T5889] r8152-cfgselector 3-1: bad CDC descriptors
[  879.111411][T17941] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  879.178000][ T5941] usb 4-1: config 7 has no interface number 0
[  879.178335][T17941] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  879.285310][ T5889] r8152-cfgselector 3-1: USB disconnect, device number 106
[  879.298817][ T5941] usb 4-1: config 7 interface 128 altsetting 2 has an endpoint descriptor with address 0x17, changing to 0x7
[  879.437109][ T5941] usb 4-1: config 7 interface 128 altsetting 2 bulk endpoint 0x7 has invalid maxpacket 32
[  879.453131][ T5941] usb 4-1: config 7 interface 128 altsetting 2 endpoint 0x87 has an invalid bInterval 209, changing to 11
[  879.468205][ T5941] usb 4-1: config 7 interface 128 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  879.481732][ T5941] usb 4-1: config 7 interface 128 has no altsetting 0
[  879.491912][ T5941] usb 4-1: New USB device found, idVendor=6033, idProduct=4108, bcdDevice=cc.13
[  879.515528][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  879.542617][T17947] fuse: Unknown parameter '000000000000000000000150000000000000000000000300000000000000000000'
[  879.562887][T17947] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  879.585992][ T5941] usb 4-1: Product: syz
[  879.590472][ T5941] usb 4-1: Manufacturer: syz
[  879.596356][ T5941] usb 4-1: SerialNumber: syz
[  879.611307][T17938] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  880.156848][ T5941] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  880.268406][ T5941] usb 4-1: MIDIStreaming interface descriptor not found
[  880.452729][ T5941] usb 4-1: USB disconnect, device number 81
[  880.622112][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:7.128/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  880.951967][T16785] usb 2-1: USB disconnect, device number 92
[  881.453820][T17960] syz_tun: entered allmulticast mode
[  881.492251][T17960] dvmrp1: entered allmulticast mode
[  881.665234][T17954] syz_tun: left allmulticast mode
[  882.553644][T15096] usb 5-1: USB disconnect, device number 104
[  882.570004][T15096] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0
[  882.614410][T15096] kobil_sct 5-1:0.148: device disconnected
[  882.631479][T17972] FAULT_INJECTION: forcing a failure.
[  882.631479][T17972] name failslab, interval 1, probability 0, space 0, times 0
[  882.706744][T17972] CPU: 0 UID: 0 PID: 17972 Comm: syz.4.3864 Not tainted syzkaller #0 PREEMPT(full) 
[  882.706771][T17972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  882.706784][T17972] Call Trace:
[  882.706792][T17972]  <TASK>
[  882.706801][T17972]  dump_stack_lvl+0x189/0x250
[  882.706825][T17972]  ? __pfx____ratelimit+0x10/0x10
[  882.706847][T17972]  ? __pfx_dump_stack_lvl+0x10/0x10
[  882.706865][T17972]  ? __pfx__printk+0x10/0x10
[  882.706889][T17972]  ? percpu_ref_get_many+0x19/0x140
[  882.706912][T17972]  should_fail_ex+0x414/0x560
[  882.706937][T17972]  should_failslab+0xa8/0x100
[  882.706957][T17972]  __kmalloc_noprof+0xcb/0x7f0
[  882.706980][T17972]  ? io_cache_alloc_new+0x40/0x100
[  882.707004][T17972]  io_cache_alloc_new+0x40/0x100
[  882.707024][T17972]  io_arm_apoll+0x474/0x910
[  882.707056][T17972]  ? __pfx_io_arm_apoll+0x10/0x10
[  882.707080][T17972]  ? __fget_files+0x3a0/0x420
[  882.707100][T17972]  ? __io_issue_sqe+0x1f9/0x4b0
[  882.707129][T17972]  ? io_file_get_normal+0x101/0x2f0
[  882.707152][T17972]  ? io_arm_poll_handler+0x207/0x2a0
[  882.707182][T17972]  io_queue_async+0x175/0x240
[  882.707213][T17972]  io_submit_sqes+0xe78/0x1e60
[  882.707267][T17972]  __se_sys_io_uring_enter+0x2df/0x2b20
[  882.707311][T17972]  ? ksys_write+0x1cb/0x250
[  882.707341][T17972]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  882.707363][T17972]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  882.707388][T17972]  ? __pfx_vfs_write+0x10/0x10
[  882.707417][T17972]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  882.707444][T17972]  ? __fget_files+0x3a0/0x420
[  882.707466][T17972]  ? fput+0xa0/0xd0
[  882.707486][T17972]  ? ksys_write+0x22a/0x250
[  882.707511][T17972]  ? __pfx_ksys_write+0x10/0x10
[  882.707537][T17972]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  882.707563][T17972]  do_syscall_64+0xfa/0xfa0
[  882.707583][T17972]  ? lockdep_hardirqs_on+0x9c/0x150
[  882.707604][T17972]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  882.707624][T17972]  ? clear_bhb_loop+0x60/0xb0
[  882.707647][T17972]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  882.707666][T17972] RIP: 0033:0x7f8ab9b8eec9
[  882.707683][T17972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  882.707700][T17972] RSP: 002b:00007f8abaa18038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  882.707722][T17972] RAX: ffffffffffffffda RBX: 00007f8ab9de5fa0 RCX: 00007f8ab9b8eec9
[  882.707738][T17972] RDX: 0000000000000000 RSI: 0000000000000a61 RDI: 0000000000000005
[  882.707751][T17972] RBP: 00007f8abaa18090 R08: 0000000000000000 R09: 0000000000000000
[  882.707763][T17972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  882.707775][T17972] R13: 00007f8ab9de6038 R14: 00007f8ab9de5fa0 R15: 00007f8ab9f0fa28
[  882.707807][T17972]  </TASK>
[  882.983399][    C0] vkms_vblank_simulate: vblank timer overrun
[  883.067370][T16785] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[  883.188904][ T5911] usb 2-1: new high-speed USB device number 93 using dummy_hcd
[  883.226228][T16785] usb 3-1: Using ep0 maxpacket: 16
[  883.233641][T16785] usb 3-1: config 7 has an invalid interface number: 148 but max is 0
[  883.241850][T16785] usb 3-1: config 7 has no interface number 0
[  883.248182][T16785] usb 3-1: config 7 interface 148 altsetting 6 endpoint 0x5 has invalid maxpacket 512, setting to 64
[  883.259291][T16785] usb 3-1: config 7 interface 148 has no altsetting 0
[  883.268785][T16785] usb 3-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=58.61
[  883.280184][T16785] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  883.290751][T16785] usb 3-1: Product: syz
[  883.295204][T16785] usb 3-1: Manufacturer: syz
[  883.299860][T16785] usb 3-1: SerialNumber: syz
[  883.353227][T17983] FAULT_INJECTION: forcing a failure.
[  883.353227][T17983] name failslab, interval 1, probability 0, space 0, times 0
[  883.372387][ T5911] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  883.381313][ T5911] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  883.394511][T17983] CPU: 1 UID: 0 PID: 17983 Comm: syz.4.3867 Not tainted syzkaller #0 PREEMPT(full) 
[  883.394536][T17983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  883.394546][T17983] Call Trace:
[  883.394553][T17983]  <TASK>
[  883.394562][T17983]  dump_stack_lvl+0x189/0x250
[  883.394586][T17983]  ? __pfx____ratelimit+0x10/0x10
[  883.394609][T17983]  ? __pfx_dump_stack_lvl+0x10/0x10
[  883.394629][T17983]  ? __pfx__printk+0x10/0x10
[  883.394653][T17983]  ? __pfx___might_resched+0x10/0x10
[  883.394674][T17983]  ? fs_reclaim_acquire+0x7d/0x100
[  883.394703][T17983]  should_fail_ex+0x414/0x560
[  883.394731][T17983]  should_failslab+0xa8/0x100
[  883.394752][T17983]  kmem_cache_alloc_node_noprof+0x77/0x710
[  883.394778][T17983]  ? __alloc_skb+0x112/0x2d0
[  883.394804][T17983]  __alloc_skb+0x112/0x2d0
[  883.394827][T17983]  tcp_stream_alloc_skb+0x3d/0x340
[  883.394862][T17983]  tcp_sendmsg_locked+0x1c7f/0x5540
[  883.394934][T17983]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  883.394952][T17983]  ? __local_bh_enable_ip+0x12d/0x1c0
[  883.394979][T17983]  ? __local_bh_enable_ip+0x12d/0x1c0
[  883.395022][T17983]  tcp_sendmsg+0x2f/0x50
[  883.395043][T17983]  __sock_sendmsg+0x19c/0x270
[  883.395074][T17983]  ____sys_sendmsg+0x505/0x830
[  883.395103][T17983]  ? __pfx_____sys_sendmsg+0x10/0x10
[  883.395136][T17983]  ? import_iovec+0x74/0xa0
[  883.395159][T17983]  ___sys_sendmsg+0x21f/0x2a0
[  883.395184][T17983]  ? __pfx____sys_sendmsg+0x10/0x10
[  883.395244][T17983]  ? __fget_files+0x2a/0x420
[  883.395261][T17983]  ? __fget_files+0x3a0/0x420
[  883.395288][T17983]  __x64_sys_sendmsg+0x19b/0x260
[  883.395315][T17983]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  883.395347][T17983]  ? __pfx_ksys_write+0x10/0x10
[  883.395377][T17983]  ? do_syscall_64+0xbe/0xfa0
[  883.395405][T17983]  do_syscall_64+0xfa/0xfa0
[  883.395426][T17983]  ? lockdep_hardirqs_on+0x9c/0x150
[  883.395450][T17983]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  883.395468][T17983]  ? clear_bhb_loop+0x60/0xb0
[  883.395492][T17983]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  883.395517][T17983] RIP: 0033:0x7f8ab9b8eec9
[  883.395537][T17983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  883.395554][T17983] RSP: 002b:00007f8abaa18038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  883.395574][T17983] RAX: ffffffffffffffda RBX: 00007f8ab9de5fa0 RCX: 00007f8ab9b8eec9
[  883.395589][T17983] RDX: 00000000000052cc RSI: 0000200000000040 RDI: 0000000000000003
[  883.395602][T17983] RBP: 00007f8abaa18090 R08: 0000000000000000 R09: 0000000000000000
[  883.395614][T17983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  883.395626][T17983] R13: 00007f8ab9de6038 R14: 00007f8ab9de5fa0 R15: 00007f8ab9f0fa28
[  883.395659][T17983]  </TASK>
[  883.414097][ T5911] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  883.551242][T17988] netlink: 'syz.4.3869': attribute type 1 has an invalid length.
[  883.557941][ T5911] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  883.560595][T17988] __nla_validate_parse: 55 callbacks suppressed
[  883.560610][T17988] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3869'.
[  883.567220][T16785] usb 3-1: probing VID:PID(0424:012C)   
[  883.730667][T15096] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[  883.749522][T16785] usb 3-1: vub300 testing UNKNOWN EndPoint(0) 01
[  883.761625][ T5911] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  883.770942][ T5911] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  883.783539][ T5911] usb 2-1: Product: syz
[  883.787754][ T5911] usb 2-1: Manufacturer: syz
[  883.792604][T16785] usb 3-1: vub300 ignoring EndPoint(0) 01
[  883.798949][T16785] usb 3-1: vub300 testing UNKNOWN EndPoint(1) 05
[  883.809378][T16785] usb 3-1: vub300 ignoring EndPoint(1) 05
[  883.816186][T16785] usb 3-1: Could not find two sets of bulk-in/out endpoint pairs
[  883.825349][T16785] vub300 3-1:7.148: probe with driver vub300 failed with error -22
[  883.835341][ T5911] cdc_wdm 2-1:1.0: skipping garbage
[  883.840548][ T5911] cdc_wdm 2-1:1.0: skipping garbage
[  883.846159][ T5911] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22
[  883.865567][T16785] usb 3-1: USB disconnect, device number 107
[  883.896866][T15096] usb 4-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  883.910577][T15096] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  883.939263][T15096] usb 4-1: Product: syz
[  883.944930][T17991] input: syz1 as /devices/virtual/input/input60
[  883.962370][T15096] usb 4-1: Manufacturer: syz
[  883.970250][T15096] usb 4-1: SerialNumber: syz
[  883.985604][T15096] r8152-cfgselector 4-1: Unknown version 0x0000
[  883.985633][T15096] r8152-cfgselector 4-1: config 0 descriptor??
[  884.623276][ T5911] usb 3-1: new high-speed USB device number 108 using dummy_hcd
[  884.677290][T18010] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  884.706947][T18010] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  884.726395][T18010] netlink: 4400 bytes leftover after parsing attributes in process `syz.0.3877'.
[  884.755470][T18010] workqueue: name exceeds WQ_NAME_LEN. Truncating to: Ç`]Š•Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`
[  884.837317][ T5911] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  884.853664][ T5911] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  884.865297][ T5911] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  884.875230][ T5911] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  884.885166][ T5911] usb 3-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  884.908042][ T5911] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  884.918269][ T5911] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  884.937547][ T5911] usb 3-1: Product: syz
[  884.941979][ T5911] usb 3-1: Manufacturer: syz
[  884.946771][ T5911] usb 3-1: SerialNumber: syz
[  885.181475][T18001] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  885.223671][T18001] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  885.259166][ T5911] cdc_ncm 3-1:1.0: bind() failure
[  885.275802][ T5911] usbtest 3-1:1.0: couldn't get endpoints, -22
[  885.284969][ T5911] usbtest 3-1:1.0: probe with driver usbtest failed with error -22
[  885.314077][ T5911] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  885.321169][ T5911] cdc_ncm 3-1:1.1: bind() failure
[  885.334851][ T5911] usbtest 3-1:1.1: couldn't get endpoints, -22
[  885.344316][ T5911] usbtest 3-1:1.1: probe with driver usbtest failed with error -22
[  885.373927][ T5911] usb 3-1: USB disconnect, device number 108
[  885.528258][ T5941] usb 2-1: USB disconnect, device number 93
[  885.823643][   T30] audit: type=1326 audit(1760051215.742:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18011 comm="syz.4.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ab9b8eec9 code=0x7ffc0000
[  885.854864][   T30] audit: type=1326 audit(1760051215.752:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18011 comm="syz.4.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ab9b8eec9 code=0x7ffc0000
[  885.891470][   T30] audit: type=1326 audit(1760051215.752:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18011 comm="syz.4.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f8ab9b8eec9 code=0x7ffc0000
[  885.967240][   T30] audit: type=1326 audit(1760051215.752:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18011 comm="syz.4.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ab9b8eec9 code=0x7ffc0000
[  886.101377][   T30] audit: type=1326 audit(1760051215.752:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18011 comm="syz.4.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7f8ab9b8eec9 code=0x7ffc0000
[  886.250588][T18023] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  886.695354][T15096] r8152-cfgselector 4-1: Unknown version 0x0000
[  886.709677][T15096] r8152-cfgselector 4-1: bad CDC descriptors
[  886.728753][T15096] r8152-cfgselector 4-1: USB disconnect, device number 82
[  886.759828][   T30] audit: type=1326 audit(1760051215.752:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18011 comm="syz.4.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ab9b8eec9 code=0x7ffc0000
[  886.907910][   T30] audit: type=1326 audit(1760051215.752:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18011 comm="syz.4.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8ab9b8eec9 code=0x7ffc0000
[  886.959327][   T30] audit: type=1326 audit(1760051215.752:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18011 comm="syz.4.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ab9b8eec9 code=0x7ffc0000
[  887.004296][   T30] audit: type=1326 audit(1760051215.762:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18011 comm="syz.4.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8ab9b8eec9 code=0x7ffc0000
[  887.064400][   T30] audit: type=1326 audit(1760051215.762:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18011 comm="syz.4.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ab9b8eec9 code=0x7ffc0000
[  887.393354][ T5911] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[  887.723499][ T5911] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  887.743351][ T5911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  887.819637][ T5911] usb 5-1: config 0 descriptor??
[  888.080170][ T5911] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  888.100585][    C1] ------------[ cut here ]------------
[  888.106696][    C1] no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0x0 with flags 0x0
[  888.117133][    C1] WARNING: CPU: 1 PID: 18045 at net/mac80211/rate.c:406 __rate_control_send_low+0x5e2/0x820
[  888.127245][    C1] Modules linked in:
[  888.131581][    C1] CPU: 1 UID: 0 PID: 18045 Comm: syz.1.3888 Not tainted syzkaller #0 PREEMPT(full) 
[  888.140982][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  888.151128][    C1] RIP: 0010:__rate_control_send_low+0x5e2/0x820
[  888.157377][    C1] Code: 38 0f b6 04 28 84 c0 0f 85 d7 01 00 00 41 8b 0f 48 c7 c7 c0 c8 8a 8c 48 8b 74 24 18 44 8b 44 24 2c 45 89 e9 e8 bf 7a c0 f6 90 <0f> 0b 90 90 e9 70 fe ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c
[  888.177091][    C1] RSP: 0000:ffffc90000a08538 EFLAGS: 00010246
[  888.183237][    C1] RAX: e5cfb7438223d500 RBX: 000000000000000c RCX: ffff88802e7cbc80
[  888.191210][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
[  888.199210][    C1] RBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004
[  888.207201][    C1] R10: dffffc0000000000 R11: fffffbfff1bfa658 R12: ffff88801fbf3168
[  888.215183][    C1] R13: 0000000000000000 R14: ffff888069058e80 R15: ffff88806905b138
[  888.223177][    C1] FS:  00005555565ed500(0000) GS:ffff888125e0f000(0000) knlGS:0000000000000000
[  888.232089][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  888.238670][    C1] CR2: 000000110c2b684c CR3: 000000005d0d8000 CR4: 00000000003526f0
[  888.246655][    C1] Call Trace:
[  888.249931][    C1]  <IRQ>
[  888.252771][    C1]  rate_control_send_low+0x1a7/0x7b0
[  888.258128][    C1]  rate_control_get_rate+0x20b/0x5d0
[  888.263468][    C1]  ieee80211_beacon_get_finish+0x39a/0x6c0
[  888.269273][    C1]  ? __pfx_ieee80211_beacon_get_finish+0x10/0x10
[  888.275699][    C1]  ? __local_bh_enable_ip+0x12d/0x1c0
[  888.281101][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  888.286830][    C1]  ieee80211_beacon_get_ap+0x1868/0x1f30
[  888.292460][    C1]  ? __pfx_ieee80211_beacon_get_ap+0x10/0x10
[  888.298450][    C1]  ? __ieee80211_beacon_get+0x36/0x1880
[  888.304007][    C1]  ? __ieee80211_beacon_get+0x36/0x1880
[  888.309816][    C1]  ? __ieee80211_beacon_get+0x36/0x1880
[  888.315367][    C1]  __ieee80211_beacon_get+0x118e/0x1880
[  888.320899][    C1]  ? __ieee80211_beacon_get+0x36/0x1880
[  888.326504][    C1]  ieee80211_beacon_get_tim+0xb4/0x2b0
[  888.332047][    C1]  ? __pfx_ieee80211_beacon_get_tim+0x10/0x10
[  888.338129][    C1]  mac80211_hwsim_beacon_tx+0x3ce/0x860
[  888.343676][    C1]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  888.350866][    C1]  __iterate_interfaces+0x2ab/0x590
[  888.356084][    C1]  ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10
[  888.362142][    C1]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  888.369340][    C1]  ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10
[  888.375430][    C1]  ieee80211_iterate_active_interfaces_atomic+0xdb/0x180
[  888.382443][    C1]  mac80211_hwsim_beacon+0xbb/0x180
[  888.387669][    C1]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  888.393487][    C1]  __hrtimer_run_queues+0x52c/0xc60
[  888.398675][    C1]  ? ktime_get_update_offsets_now+0x67/0x3d0
[  888.404679][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  888.410389][    C1]  ? read_tsc+0x9/0x20
[  888.414474][    C1]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  888.420273][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  888.425402][    C1]  handle_softirqs+0x283/0x870
[  888.430152][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  888.434924][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  888.440194][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  888.445399][    C1]  __irq_exit_rcu+0xca/0x1f0
[  888.449983][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  888.455183][    C1]  irq_exit_rcu+0x9/0x30
[  888.459408][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  888.465041][    C1]  </IRQ>
[  888.467954][    C1]  <TASK>
[  888.470867][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  888.476849][    C1] RIP: 0010:lock_is_held_type+0x137/0x190
[  888.482553][    C1] Code: 01 75 44 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 75 4c 41 f7 c4 00 02 00 00 74 01 fb 65 48 8b 05 d9 c9 45 07 <48> 3b 44 24 08 75 43 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f
[  888.502205][    C1] RSP: 0000:ffffc90004e478f8 EFLAGS: 00000206
[  888.508329][    C1] RAX: e5cfb7438223d500 RBX: 0000000000000000 RCX: e5cfb7438223d500
[  888.516331][    C1] RDX: ffff88802e7cbc80 RSI: ffffffff8d9d15ab RDI: ffffffff8bc074e0
[  888.524410][    C1] RBP: 00000000ffffffff R08: ffffea0001d6c987 R09: 1ffffd40003ad930
[  888.532375][    C1] R10: dffffc0000000000 R11: fffff940003ad931 R12: 0000000000000246
[  888.540394][    C1] R13: ffff88802e7cbc80 R14: ffff88804ddf34a8 R15: 0000000000000005
[  888.548407][    C1]  xas_reload+0xfc/0x470
[  888.552664][    C1]  next_uptodate_folio+0x15f/0x5d0
[  888.557885][    C1]  filemap_map_pages+0x11ea/0x1c60
[  888.563019][    C1]  ? __lock_acquire+0xab9/0xd20
[  888.567874][    C1]  ? filemap_map_pages+0x15c/0x1c60
[  888.573090][    C1]  ? __pfx_filemap_map_pages+0x10/0x10
[  888.578558][    C1]  ? __handle_mm_fault+0x2789/0x5400
[  888.583855][    C1]  ? __handle_mm_fault+0x2789/0x5400
[  888.589122][    C1]  __handle_mm_fault+0x347e/0x5400
[  888.594237][    C1]  ? __pfx___handle_mm_fault+0x10/0x10
[  888.599700][    C1]  ? irqentry_exit+0x74/0x90
[  888.604315][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  888.609522][    C1]  handle_mm_fault+0x40a/0x8e0
[  888.614334][    C1]  do_user_addr_fault+0xa7c/0x1380
[  888.619455][    C1]  ? rcu_is_watching+0x15/0xb0
[  888.624230][    C1]  ? trace_page_fault_user+0x84/0x1e0
[  888.629590][    C1]  exc_page_fault+0x82/0x100
[  888.634198][    C1]  asm_exc_page_fault+0x26/0x30
[  888.639061][    C1] RIP: 0033:0x7f3cbe66f0cd
[  888.643485][    C1] Code: ff 48 83 e8 01 48 89 ee bf 01 00 00 00 48 c1 e0 0e 48 c1 ee 06 48 01 c8 48 89 e9 81 e6 ff 3f 00 00 48 c1 e9 03 83 e1 07 d3 e7 <40> 84 bc 06 20 20 00 00 0f 85 11 fd ff ff e9 c0 fd ff ff e8 3b 2b
[  888.663105][    C1] RSP: 002b:00007f3cbeb0fa60 EFLAGS: 00010202
[  888.669159][    C1] RAX: 000000110c2b4000 RBX: 00007f3cbf515720 RCX: 0000000000000001
[  888.677133][    C1] RDX: 0000000000000b0a RSI: 000000000000082c RDI: 0000000000000002
[  888.685103][    C1] RBP: ffffffff82220b0a R08: 00007f3cbe9e6038 R09: 00007f3cbe9d2000
[  888.693071][    C1] R10: 00007f3cbe1ff008 R11: 0000000000000002 R12: 0000000000000002
[  888.701031][    C1] R13: 0000000000000000 R14: ffffffff82220bc5 R15: 00000000000003cf
[  888.709012][    C1]  ? alloc_frozen_pages_noprof+0x15/0x170
[  888.714732][    C1]  ? vma_alloc_folio_noprof+0x16a/0x200
[  888.720276][    C1]  </TASK>
[  888.723305][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  888.730571][    C1] CPU: 1 UID: 0 PID: 18045 Comm: syz.1.3888 Not tainted syzkaller #0 PREEMPT(full) 
[  888.739924][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  888.749959][    C1] Call Trace:
[  888.753222][    C1]  <IRQ>
[  888.756051][    C1]  dump_stack_lvl+0x99/0x250
[  888.760625][    C1]  ? __asan_memcpy+0x40/0x70
[  888.765198][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  888.770376][    C1]  ? __pfx__printk+0x10/0x10
[  888.774952][    C1]  vpanic+0x237/0x6d0
[  888.778917][    C1]  ? __pfx_vpanic+0x10/0x10
[  888.783408][    C1]  panic+0xb9/0xc0
[  888.787113][    C1]  ? __pfx_panic+0x10/0x10
[  888.791517][    C1]  __warn+0x31b/0x4b0
[  888.795482][    C1]  ? __rate_control_send_low+0x5e2/0x820
[  888.801100][    C1]  ? __rate_control_send_low+0x5e2/0x820
[  888.806730][    C1]  report_bug+0x2be/0x4f0
[  888.811067][    C1]  ? __rate_control_send_low+0x5e2/0x820
[  888.816688][    C1]  ? __rate_control_send_low+0x5e2/0x820
[  888.822306][    C1]  ? __rate_control_send_low+0x5e4/0x820
[  888.827932][    C1]  handle_bug+0x84/0x160
[  888.832173][    C1]  exc_invalid_op+0x1a/0x50
[  888.836662][    C1]  asm_exc_invalid_op+0x1a/0x20
[  888.841491][    C1] RIP: 0010:__rate_control_send_low+0x5e2/0x820
[  888.847716][    C1] Code: 38 0f b6 04 28 84 c0 0f 85 d7 01 00 00 41 8b 0f 48 c7 c7 c0 c8 8a 8c 48 8b 74 24 18 44 8b 44 24 2c 45 89 e9 e8 bf 7a c0 f6 90 <0f> 0b 90 90 e9 70 fe ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c
[  888.867300][    C1] RSP: 0000:ffffc90000a08538 EFLAGS: 00010246
[  888.873351][    C1] RAX: e5cfb7438223d500 RBX: 000000000000000c RCX: ffff88802e7cbc80
[  888.881304][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
[  888.889259][    C1] RBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004
[  888.897218][    C1] R10: dffffc0000000000 R11: fffffbfff1bfa658 R12: ffff88801fbf3168
[  888.905175][    C1] R13: 0000000000000000 R14: ffff888069058e80 R15: ffff88806905b138
[  888.913136][    C1]  ? __rate_control_send_low+0x5e1/0x820
[  888.918763][    C1]  rate_control_send_low+0x1a7/0x7b0
[  888.924035][    C1]  rate_control_get_rate+0x20b/0x5d0
[  888.929323][    C1]  ieee80211_beacon_get_finish+0x39a/0x6c0
[  888.935117][    C1]  ? __pfx_ieee80211_beacon_get_finish+0x10/0x10
[  888.941422][    C1]  ? __local_bh_enable_ip+0x12d/0x1c0
[  888.946793][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  888.952499][    C1]  ieee80211_beacon_get_ap+0x1868/0x1f30
[  888.958122][    C1]  ? __pfx_ieee80211_beacon_get_ap+0x10/0x10
[  888.964097][    C1]  ? __ieee80211_beacon_get+0x36/0x1880
[  888.969623][    C1]  ? __ieee80211_beacon_get+0x36/0x1880
[  888.975237][    C1]  ? __ieee80211_beacon_get+0x36/0x1880
[  888.980760][    C1]  __ieee80211_beacon_get+0x118e/0x1880
[  888.986284][    C1]  ? __ieee80211_beacon_get+0x36/0x1880
[  888.991811][    C1]  ieee80211_beacon_get_tim+0xb4/0x2b0
[  888.997250][    C1]  ? __pfx_ieee80211_beacon_get_tim+0x10/0x10
[  889.003305][    C1]  mac80211_hwsim_beacon_tx+0x3ce/0x860
[  889.008848][    C1]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  889.016049][    C1]  __iterate_interfaces+0x2ab/0x590
[  889.021235][    C1]  ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10
[  889.027296][    C1]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  889.034482][    C1]  ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10
[  889.040545][    C1]  ieee80211_iterate_active_interfaces_atomic+0xdb/0x180
[  889.047646][    C1]  mac80211_hwsim_beacon+0xbb/0x180
[  889.052826][    C1]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  889.058728][    C1]  __hrtimer_run_queues+0x52c/0xc60
[  889.063925][    C1]  ? ktime_get_update_offsets_now+0x67/0x3d0
[  889.069898][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  889.075604][    C1]  ? read_tsc+0x9/0x20
[  889.079663][    C1]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  889.085468][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  889.090565][    C1]  handle_softirqs+0x283/0x870
[  889.095311][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  889.100053][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  889.105343][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  889.110526][    C1]  __irq_exit_rcu+0xca/0x1f0
[  889.115183][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  889.120363][    C1]  irq_exit_rcu+0x9/0x30
[  889.124589][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  889.130224][    C1]  </IRQ>
[  889.133140][    C1]  <TASK>
[  889.136051][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  889.142024][    C1] RIP: 0010:lock_is_held_type+0x137/0x190
[  889.147739][    C1] Code: 01 75 44 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 75 4c 41 f7 c4 00 02 00 00 74 01 fb 65 48 8b 05 d9 c9 45 07 <48> 3b 44 24 08 75 43 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f
[  889.167592][    C1] RSP: 0000:ffffc90004e478f8 EFLAGS: 00000206
[  889.173656][    C1] RAX: e5cfb7438223d500 RBX: 0000000000000000 RCX: e5cfb7438223d500
[  889.181629][    C1] RDX: ffff88802e7cbc80 RSI: ffffffff8d9d15ab RDI: ffffffff8bc074e0
[  889.189593][    C1] RBP: 00000000ffffffff R08: ffffea0001d6c987 R09: 1ffffd40003ad930
[  889.197564][    C1] R10: dffffc0000000000 R11: fffff940003ad931 R12: 0000000000000246
[  889.205517][    C1] R13: ffff88802e7cbc80 R14: ffff88804ddf34a8 R15: 0000000000000005
[  889.213490][    C1]  xas_reload+0xfc/0x470
[  889.217723][    C1]  next_uptodate_folio+0x15f/0x5d0
[  889.222815][    C1]  filemap_map_pages+0x11ea/0x1c60
[  889.227925][    C1]  ? __lock_acquire+0xab9/0xd20
[  889.232777][    C1]  ? filemap_map_pages+0x15c/0x1c60
[  889.237989][    C1]  ? __pfx_filemap_map_pages+0x10/0x10
[  889.243445][    C1]  ? __handle_mm_fault+0x2789/0x5400
[  889.248761][    C1]  ? __handle_mm_fault+0x2789/0x5400
[  889.254042][    C1]  __handle_mm_fault+0x347e/0x5400
[  889.259162][    C1]  ? __pfx___handle_mm_fault+0x10/0x10
[  889.264616][    C1]  ? irqentry_exit+0x74/0x90
[  889.269278][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  889.274471][    C1]  handle_mm_fault+0x40a/0x8e0
[  889.279233][    C1]  do_user_addr_fault+0xa7c/0x1380
[  889.284334][    C1]  ? rcu_is_watching+0x15/0xb0
[  889.289079][    C1]  ? trace_page_fault_user+0x84/0x1e0
[  889.294434][    C1]  exc_page_fault+0x82/0x100
[  889.299008][    C1]  asm_exc_page_fault+0x26/0x30
[  889.303847][    C1] RIP: 0033:0x7f3cbe66f0cd
[  889.308244][    C1] Code: ff 48 83 e8 01 48 89 ee bf 01 00 00 00 48 c1 e0 0e 48 c1 ee 06 48 01 c8 48 89 e9 81 e6 ff 3f 00 00 48 c1 e9 03 83 e1 07 d3 e7 <40> 84 bc 06 20 20 00 00 0f 85 11 fd ff ff e9 c0 fd ff ff e8 3b 2b
[  889.327828][    C1] RSP: 002b:00007f3cbeb0fa60 EFLAGS: 00010202
[  889.333883][    C1] RAX: 000000110c2b4000 RBX: 00007f3cbf515720 RCX: 0000000000000001
[  889.341844][    C1] RDX: 0000000000000b0a RSI: 000000000000082c RDI: 0000000000000002
[  889.349802][    C1] RBP: ffffffff82220b0a R08: 00007f3cbe9e6038 R09: 00007f3cbe9d2000
[  889.357760][    C1] R10: 00007f3cbe1ff008 R11: 0000000000000002 R12: 0000000000000002
[  889.365713][    C1] R13: 0000000000000000 R14: ffffffff82220bc5 R15: 00000000000003cf
[  889.373670][    C1]  ? alloc_frozen_pages_noprof+0x15/0x170
[  889.379371][    C1]  ? vma_alloc_folio_noprof+0x16a/0x200
[  889.384911][    C1]  </TASK>
[  889.388218][    C1] Kernel Offset: disabled
[  889.392524][    C1] Rebooting in 86400 seconds..