last executing test programs:

11.158900666s ago: executing program 4 (id=3976):
socket(0x2, 0x80805, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
recvmmsg(r0, 0x0, 0x0, 0x12000, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r3, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r3, &(0x7f0000000000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(r3, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000001240)={[0x2]}, 0x8, 0x80800)

10.531004996s ago: executing program 2 (id=3978):
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x408000, 0x0)
ioctl$AUTOFS_IOC_SETTIMEOUT(r0, 0x80049367, &(0x7f0000000040)=0x6) (async)
r1 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
ioctl$KVM_GET_XSAVE(r1, 0x9000aea4, &(0x7f0000000080))
r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000001080), 0x1, 0x0)
fsetxattr$trusted_overlay_upper(r2, &(0x7f00000010c0), &(0x7f0000001100)={0x0, 0xfb, 0x37, 0x0, 0x3, "a3066cf5f5298dad715c3040f3cb1693", "fa809e00c958677620eb29a253e35d1cb8ecaffe471eeb029262ed2e3b2b35f23cae"}, 0x37, 0x3)
semget$private(0x0, 0x4, 0x200) (async)
ioctl$KDSKBENT(r2, 0x4b47, &(0x7f0000001140)={0x48, 0x37, 0x8}) (async)
r3 = socket$netlink(0x10, 0x3, 0xa)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0x7, &(0x7f0000001180)={0x5, 0x101, 0x0, 0x43b5}, 0x10)
ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f00000011c0)={0x1, 0x0, @ioapic={0xeeee0000, 0x3e879716, 0x9, 0x8, 0x0, [{0x10, 0x4, 0x10, '\x00', 0x8}, {0x0, 0x80, 0x1c, '\x00', 0xe}, {0x53, 0x6, 0x7, '\x00', 0x5}, {0x9, 0x8, 0x5, '\x00', 0x2}, {0x2, 0xff, 0x8, '\x00', 0x8}, {0x6, 0x5, 0x4, '\x00', 0x9e}, {0x2, 0xb, 0x7, '\x00', 0x5}, {0x9, 0x86, 0x9, '\x00', 0x7}, {0x8, 0x8, 0x4, '\x00', 0x1}, {0x1, 0x6, 0x5, '\x00', 0x1}, {0x2, 0xb, 0x8, '\x00', 0x3}, {0x8, 0x1, 0x3}, {0x5, 0x6, 0xd, '\x00', 0x10}, {0x81, 0x4, 0xff, '\x00', 0x5}, {0x6, 0x1, 0x2, '\x00', 0xd}, {0x46, 0x7, 0x0, '\x00', 0xed}, {0x1, 0x8, 0x40, '\x00', 0xf7}, {0xc, 0x3, 0x7}, {0x10, 0x81, 0x9, '\x00', 0x7}, {0x3, 0xf4, 0xdf, '\x00', 0x7f}, {0x6a, 0xe, 0xfc, '\x00', 0x6}, {0x9, 0x1, 0x8}, {0x7, 0x5, 0x8, '\x00', 0x5}, {0x3, 0x7, 0x0, '\x00', 0x6}]}}) (async)
r4 = getpgid(0xffffffffffffffff)
fcntl$lock(r0, 0x25, &(0x7f0000001400)={0x0, 0x2, 0x3ff, 0x19, r4}) (async)
ioctl$SNDCTL_DSP_SETTRIGGER(r3, 0x40045010, &(0x7f0000001440)=0x92) (async)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000001480)={0x0, @aes256, 0x0, @desc1})
socket$nl_sock_diag(0x10, 0x3, 0x4) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0xd) (async)
ioctl$TCSETSF(r2, 0x5404, &(0x7f00000014c0)={0x7, 0x2, 0xb0, 0x7, 0xd, "bf411253c3d79f4fcc22954970265d76e3d683"})
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000001500)={'ip6tnl0\x00', 0x4000})
sendmsg$nl_route_sched(r3, &(0x7f0000001600)={&(0x7f0000001540)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000015c0)={&(0x7f0000001580)=@delqdisc={0x40, 0x25, 0x10, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0x2}, {0x5, 0xb}, {0xfff3, 0x4}}, [@TCA_RATE={0x6, 0x5, {0x9, 0xe}}, @qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x7}]}, 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x80804) (async)
recvfrom$rxrpc(r2, &(0x7f0000001640)=""/240, 0xf0, 0x10100, &(0x7f0000001740)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @multicast2}}, 0x24)
r5 = syz_open_dev$vcsa(&(0x7f0000001780), 0x0, 0x80582) (async)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, &(0x7f00000017c0)={<r6=>0x0, @in={{0x2, 0x4e24, @private=0xa010100}}, [0xc5, 0xeb2d0, 0x1, 0xfd, 0x40, 0x3, 0x2, 0x3, 0x2, 0x10, 0x3, 0x7fffffffffffffff, 0xfffffffffffffffb, 0x6, 0x3]}, &(0x7f00000018c0)=0x100)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x75, &(0x7f0000001900)={r6}, &(0x7f0000001940)=0x8) (async)
ioctl$SG_GET_ACCESS_COUNT(r5, 0x2289, &(0x7f0000001980)) (async)
syz_usb_connect(0x6, 0x7c4, &(0x7f00000019c0)={{0x12, 0x1, 0x310, 0x35, 0x3f, 0x12, 0x20, 0x54c, 0x155, 0x5444, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7b2, 0x2, 0x8e, 0xf, 0x60, 0x3, [{{0x9, 0x4, 0x87, 0x9, 0xe, 0x47, 0x91, 0x3f, 0x41, [@cdc_ncm={{0x8, 0x24, 0x6, 0x0, 0x1, "92e2c4"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x8, 0xd, 0x3, 0x81}, {0x6, 0x24, 0x1a, 0x9, 0x24}, [@call_mgmt={0x5, 0x24, 0x1, 0x0, 0x3}, @obex={0x5, 0x24, 0x15, 0xe}, @mbim={0xc, 0x24, 0x1b, 0xb, 0x5, 0xb, 0x4, 0x7}, @dmm={0x7, 0x24, 0x14, 0x8001, 0x1}, @mdlm_detail={0x1f, 0x24, 0x13, 0x7, "5d58c6ce096331f00028df4d046de15bbcd416044f6c8324f3e549"}, @mdlm_detail={0xf8, 0x24, 0x13, 0xd8, "1bf38136551f68a2b575dc42d457d495785428836e86d7a5b14c12074042c2a84b124384173ba65404d04f462ec8543c8ac60878d418d31d066efc3e63ad92cc4987ee515db11f79c3994291367202cce9bcb9944e8b1cfa175830d20eec5c8f68dfb565bb28207968593df47ecf19232b5ed61046f4d553ce0be2b20faf9cee7146598dbfacbb159e75f0ccd311dd991f3630c24b9add06d8ee845132da4f119625f603e4595da7fcad856c54268f7d6f8196edfaa993aa6ea7d78d04e08e3d193d4c4b3fd2e9d5fc6da3e66e45c42084fda6f10cb40f6ea326c789ef1b1503c9a14352317da400aa568e9ee760ae42866436ca"}]}, @cdc_ecm={{0x8, 0x24, 0x6, 0x0, 0x0, "ed7fdc"}, {0x5, 0x24, 0x0, 0x4800}, {0xd, 0x24, 0xf, 0x1, 0x100, 0x4, 0x8, 0x9}, [@acm={0x4}, @network_terminal={0x7, 0x24, 0xa, 0x3, 0x44, 0x5, 0xa4}, @call_mgmt={0x5}, @country_functional={0x8, 0x24, 0x7, 0x4, 0x401, [0x6]}, @mdlm={0x15, 0x24, 0x12, 0x8}]}], [{{0x9, 0x5, 0x3, 0x0, 0x8, 0xc0, 0xff, 0x5}}, {{0x9, 0x5, 0x6, 0x0, 0x1ff, 0x1, 0x4, 0x4}}, {{0x9, 0x5, 0x80, 0x0, 0x20, 0xf5, 0xd, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x10, 0x1ff}]}}, {{0x9, 0x5, 0x4, 0x1, 0x10, 0x1, 0x3, 0x6, [@generic={0xc7, 0x3, "b2f9150d063124069a8b553d1f56ec51b537fe0e8b424c0e4c3becd65e661022e5728148001015b6daa65d15e0cc80feece35606602f1207189ece7a63216bc1d1b42a7297dccc72389ab85125bb8b56e48b2c6be8b050fc6058172947d40caf01f7a41bca0e5d9cdf118c17ad2f3f469c548adf45b40d94f043d29f761a7b066be2648a3da6fc2c66a5a2226ef3b15963d46c30f239b951f7bd357f53584be574dedc9c584aef1f1081bb6e9819ef475abd2796069233af1abb38f6882ca5b3b0bdb9dc1b"}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x2, 0x47e8}]}}, {{0x9, 0x5, 0xb, 0x0, 0x20, 0xf, 0x8, 0xaa}}, {{0x9, 0x5, 0x7, 0x2, 0x10, 0x0, 0x3, 0x4}}, {{0x9, 0x5, 0xa, 0x0, 0x10, 0x52, 0x6, 0x4, [@generic={0x58, 0xb, "7ceaaf475d7081a84271f4edc1dd548d7cd5988f307fbaae5190e2f3e2ff783ddac22d92d66844308fa325940ed539e03c0a433083e42c1aaf12cac0f05f4b0207863a19e065c444dce6b08e1bdcab3a8b59ef9d5691"}]}}, {{0x9, 0x5, 0x3, 0x10, 0x400, 0x7, 0xb6, 0x0, [@generic={0x53, 0x31, "d5932660b1ad83a4c064d63803f7bf31c299e1f137643e341917cb3a93b7c8f5cc98840b71859865912830ab9536473cf11c12dfc742fec03bf059ea7adac91591ab83e49176bac049da329edd1b352d5c"}]}}, {{0x9, 0x5, 0xd, 0x0, 0x200, 0x5, 0x2, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x85, 0x5, 0x5}]}}, {{0x9, 0x5, 0x9, 0x10, 0x20, 0x6, 0x8, 0x7}}, {{0x9, 0x5, 0x2, 0x10, 0x8, 0x7, 0x1, 0x7, [@generic={0xea, 0x24, "2e68e01c2174cc1369a941a6ca9e9cf713dbd6a73af15f1d670699de51a89ae247dfa022f54a0806bc100818632785390eceb79df43eb7bfaff50b22c33def957eb12818dd770014f5be2f10a5c452699fa284fc91bf0fbb6d94167e9f4b4911084dee8528a810d390324740ff9a2d80093e8038d82b3a87001be205f80bb36de456cc31bfff34408f48a4cfeeb9a6b2eaf67303a2f8752fe1f322e537d85cc362c09c14b9fdbca534fcee3cc68771dab428892956ca85a96b03206aa95c2b83ff531f939a039ced15bc10c768a978ae729e68547cced68fa17e6e590c52099763388927c2c0ba04"}, @generic={0x12, 0x21, "8e60daf37b01cb4e9bf448be838c8466"}]}}, {{0x9, 0x5, 0x3, 0x8, 0x10, 0x30, 0x9, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0xb3, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x5, 0x9}]}}, {{0x9, 0x5, 0x6, 0x3, 0x20, 0x7e, 0x4d, 0xd}}, {{0x9, 0x5, 0x1, 0x3, 0x8, 0xa1, 0x7, 0xc, [@generic={0xfe, 0x8, "f0ec727c3c8e39d84aa8208646b8da0619f719a4699bf6a454f80152ed17d4716e8fa605bb53095ec09a0fc2bb5badd9169956b1e64d4895de1b61925a3f8c46ff36eb917e3b2432572fde0e3d17b1c23f5c898e3aaf3700c8d7cbab726c894dbd43e8ce8c5429c5b9fbac2bd1fc969f2d5342591c32bf784d8691ccca08cfaf2b31ffe78f228bccb6953ed7dfba3861111f0c4272f524c955d3e2de689d3bc73f3c36e417d2702f0270eb39a7013048670fc1778b134f7b45d967336ee5e368d2ad7bcc82ef0f7d0ba8a8d6c52eeced85206cfac84be9f700383cc05eb5ad516e2c4a835d5e79d840461fe4c8bbbd0f7aff27e221001fed21d3ee62"}, @generic={0x46, 0xc, "b7b81e666c18b2631abea4dc92019136cfa62ddc5c4639df9601256e1c989764ed7ba34393d921a962c1a707b8ae8e41333b5c47def8733afd435cc8bc1c92616553329f"}]}}]}}, {{0x9, 0x4, 0x90, 0x8, 0x3, 0x32, 0x1, 0x1f, 0x4, [@generic={0xfc, 0x9, "6cf8a5e4259362ebfd11f89cdc90c86718a0863cfa0a6f3f6608524fe35176b07a679abf97fd9e85a0311398e1209569b71d8cbff29aa8603e952a340b120cae6f5cb6cf6a2c5f4c09585d527c95a3986dd269e556caf17afb61d109f6ebec05f59c249125934efbf185cd4ebfe3d90fa279b72d1424bc23970a0eec5958132c7025680d468c43d26f7a18f9f060f49d6e1972c789b4df9ded2f839535f791046950aa9f3dc6dc9a892d10bb51aebc64d258e9c763430fb4cce2aaedcd10cde65e021d7eee2ce60debd1bdde2b45d225e1d67367f75b1396e71ac76d2d99d6aa62328ecc734a555252a69142032fb9ef714b28c251e4b5021a97"}, @uac_control={{0xa, 0x24, 0x1, 0x400, 0xbd}, [@mixer_unit={0x7, 0x24, 0x4, 0x1, 0xff, "f09e"}]}], [{{0x9, 0x5, 0x3, 0x3, 0x200, 0x0, 0x0, 0xe, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x9, 0x7}, @generic={0x74, 0x23, "ce245646a4c11bccb621bde99b94ca78d37fb080bb6ad354e08cade1df51a5e92cfcb4deaf63c1a42a3137cd64d136871989ff38f739cfecdccec992d93659aefe6eccb10d1c32f3806f9e9234b1b8b960b451f0e90472ea23851da2483b2a96432fc5ffc449ed5395a4d6fbd24b883eebe8"}]}}, {{0x9, 0x5, 0x1, 0x1, 0x8, 0x0, 0xb1, 0xa}}, {{0x9, 0x5, 0x4, 0x0, 0x8, 0x6, 0x4, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x0, 0x4}]}}]}}]}}]}}, &(0x7f0000002340)={0xa, &(0x7f00000021c0)={0xa, 0x6, 0x201, 0xfc, 0xfa, 0x4, 0xff, 0x2a}, 0x2c, &(0x7f0000002200)={0x5, 0xf, 0x2c, 0x4, [@ssp_cap={0xc, 0x10, 0xa, 0xfb, 0x0, 0x400, 0xf, 0x62f}, @ssp_cap={0xc, 0x10, 0xa, 0x9, 0x0, 0xe6e7, 0xf00, 0x3}, @ptm_cap={0x3}, @ssp_cap={0xc, 0x10, 0xa, 0x6, 0x0, 0x7be, 0x0, 0xfff}]}, 0x2, [{0x89, &(0x7f0000002240)=@string={0x89, 0x3, "4b827f663664431caf79f0e9c713de2528df6d74932f5942dd4caeb04376b75331cdfc95c01cff683ebb00535d09d33547aba8d046213a58ceca2ebb64ad0fdcc1560f8913a144face549117a6a293558f051e16cae21211ea53d0eff58382fc1a13edcaef183ca2c25b8fd96751cb6dd15bf396a244d1407fee3aa005d91e2b91fbceca59ef29"}}, {0x4, &(0x7f0000002300)=@lang_id={0x4, 0x3, 0x1007}}]})
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r7, 0x6, 0xe, &(0x7f0000002380)={@in={{0x2, 0x4e20, @remote}}, 0x0, 0x0, 0x39, 0x0, "ce50e0e4498d6b2014658c46364a812c527863dc294379fd2e2da1148aa4bac706866d452c44c7cba9bfbeda897d00ab8118e570a42bff308dcf696aaa595ed286c1fdfd28f04beb641c2ebc1b9db9e1"}, 0xd8) (async)
openat$dsp(0xffffffffffffff9c, &(0x7f0000002480), 0x2000, 0x0)

9.664794508s ago: executing program 2 (id=3979):
r0 = syz_usb_connect$lan78xx(0x0, 0x3f, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000001140)={0x34, &(0x7f0000000fc0)={0x20, 0x16}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000001540)={0x34, &(0x7f00000008c0)={0x40, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000900)={0x34, &(0x7f0000003640)={0x20, 0x30}, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, &(0x7f0000000000)=[{0x6, 0x0, 0x83}, {0x6, 0x0, 0xb187}], 0x2, 0x201, 0x0, 0x0, 0xa5, 0x5c})
syz_usb_control_io(r0, 0x0, &(0x7f0000003f00)={0x84, &(0x7f0000003b00)={0x40, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000004300)={0x34, &(0x7f00000040c0)={0x40, 0xc}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
r2 = syz_usb_connect$sierra_net(0x3, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x1199, 0x68a3, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x80, 0xfa, {{0x9, 0x4, 0x7, 0x0, 0x3, 0xff, 0x0, 0x0, 0x0, "", {{0x9, 0x5, 0xc, 0x2, 0x20, 0x1, 0x3, 0x3}, {0x9, 0x5, 0xa, 0x2, 0x3ff, 0x4, 0x5, 0x3}, {0x9, 0x5, 0x7, 0x3, 0x200, 0x8, 0x7, 0xa6}}}}}}]}}, 0x0)
syz_usb_control_io$sierra_net(r2, &(0x7f00000001c0)={0x14, &(0x7f0000000040)={0x0, 0x30, 0x101, {0x101, 0x8, "89104f83d8e275b894a5fc7a3ce3e3c00024e89f7cff4e4f57a0caca9558bb6c68f3e61bbbcc89af641c0a02907c95c5a31876ebf716c8f6f0a5cca7e45805d18b3c087dd243822ca6cadf6bb6be26eb93af34c22fa83ec34a0857073556bfeadc229438f69cf6ea0417da6cabb7a60176adb6cb987f99ff3fa0d0f661a85d1e25230eda1e2acb4e80cd0a7a6a7a2e103c830babfb49b04ef625c64a01df823e8adccac5c7923e9005e74497a6062513381306b1b3fc868813f17ca552c1393bf0dc5b24b8620ea1255819b77213f988bfc01b08d165ae7763189c137b81cb6ab7a4b51fa96111b734cc915a0cbd3a1ddd54fac07ec462fe38429eaaea29b9"}}, &(0x7f0000000180)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x443}}}, &(0x7f0000000880)={0x1c, &(0x7f0000000200)={0x20, 0x10, 0xc0, "395db091ba1291a3b4cc3fe22e4e8a7b7f6a71e2bc2c675f520f4b2d09f8adb2b8cb033ae95ddf8a3996d47ef75c91e53c6b58e22053350c586426da4841f96ac06bd8b809375e1c887afaaac98c4965f0ad261afe36468140d511125b7c08531d4cf5a9b58b379d9bc58fef0713b50ff6b3f25b4100f28ff416e5fe69df99831d500a82bd000956cdd6081e49da79a297a4b1b43ea97d42c438d856ff8f4e4829359d70872f1577aae0f65df3cc7623146365ff839f7606f2d4b9d62bcb3415"}, &(0x7f0000000380)={0xa1, 0x1, 0x400, "58d46717c9ccddd529c9df10b896c410221099ba7b579baf533fed7a64d810283f2af2b482cb69ad82f21d67c413921708cf09cf313951204fe00eef8a7e424cb2a448d213cf0104fa0705ccdb7dfbe4e8d4a462dce0e45ca36b79cfb29c3d6213d812195d361ed67ba2873c6d92c222e6ec6fe33a37f6799c9af617d561f56931a42c178111f8ccd7c37edd4d816bfda0a9b35e6ad7d19a749421a2215c151a0119f1130bef392e1c5d0d84e9e2f00d1fa0834e6591b634bbaff80d14c83f2f64bfd3351221bcafddd59557a908e3b9b77f30b19591211175500fcf628281d448769f1a39ae3df0316b3b05ef2bab4a2652c89410a91f972eea2e1f813289890d5dbea1d1415487e0a536af43dd48cee804cfb0c717c3029b74cbbe92f720a0dbe8d72cf80b5d83f3eae6f4a07811232ff0deee3b0bdf5a2a2844dfa1ff046f732c876cded25fa93a075221e8123e0268bb76ad808a3319a10e8287974634a09a087e05749414b0edfd77360acf79925cd357d77c5c6f6174268db0f6e3d88c0922ae11c6c025887ffabcb61bbf240d0200573810568ca4ead895b73afd122610324c672aa9ba00e9fe10a10d923fd24769794422561d4327c910c54fec1dd96afe2abce53a0fad914c9434796daa5f8399cb2b9a39fc05f1d63f56c282c1edf1169cb82c8f3bea9dbfb6ff7c899d7f0a8ff8dfef4bc0986d39bf5852e4d461d65ef0645aa09827aae3fa25d2748dcb8a00edb3b7b73fbe667a2853ff4d5f06cff15b9d87d0350cdc1417636344ab5e49592b9c64d1625c12413310293de89853446788cf3168d327a04b584207ff870ee9327a4097a88a756f1c1f2d34ef97d6cfd23f7a5d605ce3801e3b1d5b5757b033c2f95d0f4368f0db77dc0f1af8b9bc4f88daa2e60af153928e51c488fae05c13f2df4b17e174688de947355d0cd7b24bd36b08115b87acefa4703436e2fbfbb49528480e055d6b62cec23e4af552aa5983d67b412c99e6ae067d58110e03c6d9e165f4dcb4ac4887646a966fd7db03b0b04d3c9305d3c86fb38dd72e806296a5740690fd2ab07fbf61d75c92a39e98fca204cf297addf67abea93b42f2f40159ac55f510d454d6a3f10fed11a4f18b5d35ffd474671d93fcd1d25ce307178600a3f02ea8e1ab5debe479e5e419f4d5e973644aa1c193c84d47223bd5870eeb1bd87831efc896bd55c0cd8bcc900ce4cc8a04bb951f8930ab1e5ffc7602d79ba68099573e5ffcd1af3fb1323dfc323f885fbb04ba923752d7cf1854213e27aa9b3ec3e58240341998712f51c8f76d0ce47fd0b2abc01c7bbbafd15a7360749228f953f63b2bfc962e773bb769d77c0379ba09bd5cbff35be399d892b7dc52260131ff33eba2a1bf735ffc61309e172674eba825196533a6053d8029bb7ddadc5be8c1a4c838efab5d27ee8bea5490"}, &(0x7f0000000300)={0x21, 0x0, 0x2, "b04b"}})
syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000340)={0x40, 0x10, 0x8, "2392ffb2eba90c9e"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

8.432110158s ago: executing program 1 (id=3987):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_GET_WOWLAN(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x30}}, 0x0)
getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="50000000100001042dbd70000000000000000000", @ANYRES32=r4, @ANYBLOB="000000000000000030001280080001007369740024000280080014002f00000008000300ac"], 0x50}}, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000000c0)={@local, 0x78, r4})
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r5, @ANYBLOB="0100"], 0x3c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001980)={0x1, 0x3, &(0x7f00000013c0)=@framed, &(0x7f0000001400)='syzkaller\x00'}, 0x80)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r6, 0x104, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[], 0xa8}}, 0x0)
r7 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r7, 0x0, 0xc8, &(0x7f0000000180), 0x4)
r8 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r8, 0x0, 0xd2, &(0x7f0000000000)={@rand_addr=0x64010102, @local, 0xffffffffffffffff, "12ceaac82ab7d944e84b6fbd6178697e3b10c9b81bede26c85b33710854158e8", 0x6, 0x5, 0x0, 0x8}, 0x3c)

8.26856271s ago: executing program 3 (id=3988):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x8000194)

8.10716681s ago: executing program 3 (id=3989):
io_uring_setup(0x78c, &(0x7f0000001400)={0x0, 0x30c1, 0x10, 0x1, 0xca})
syz_io_uring_setup(0xd19, &(0x7f0000000180)={0x0, 0x6b8a, 0x8, 0x1, 0x3cc}, &(0x7f0000001480)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
pread64(r2, &(0x7f00000000c0)=""/4082, 0xff2, 0x7)
symlinkat(&(0x7f0000000340)='./file0\x00', r2, &(0x7f0000000380)='./file0\x00')
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r3, 0xc0045520, &(0x7f00000001c0)=0xffffbf7f)
r4 = syz_open_procfs(0x0, &(0x7f00000014c0)='net/raw6\x00')
preadv(r4, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/218, 0xda}], 0x1, 0x9, 0x3)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x75db35c111f1a6cc, 0xe, &(0x7f0000000880)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000240)={0x2, 0x0, 0x0, 0x4}, 0x10, 0x0, r2}, 0x94)
ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f00000003c0)={0x7f, 0x2, 0x1, 0xd, 0x140})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
clock_gettime(0x0, &(0x7f0000001300)={<r6=>0x0, <r7=>0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r8 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x9840)
ioctl$SG_IO(r8, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffffffffffb, 0x6, 0x1, @buffer={0x300, 0x56, &(0x7f0000000440)=""/86}, &(0x7f0000000000)="46a1a0995a02", 0x0, 0x0, 0x14, 0x0, 0x0})
clock_gettime(0x0, &(0x7f0000001340)={<r9=>0x0, <r10=>0x0})
utimes(&(0x7f00000012c0)='./file0\x00', &(0x7f00000013c0)={{r6, r7/1000+10000}, {r9, r10/1000+60000}})
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix={0x1, 0x3ff, 0x32315559, 0x8, 0x203, 0x2, 0x7, 0x6, 0x1, 0x2, 0x1, 0x1}})
syz_io_uring_submit(r0, r1, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, 0xffffffffffffffff, 0x80, &(0x7f00000000c0)=@in6={0xa, 0x4e21, 0x52, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x8}})
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
r11 = syz_open_dev$sndpcmc(&(0x7f0000000240), 0x0, 0x0)
io_setup(0x1, &(0x7f0000000000)=<r12=>0x0)
io_submit(r12, 0x1, &(0x7f0000001380)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r11, 0x0}])
r13 = fsopen(&(0x7f0000000040)='v7\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r13, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%(:2', 0x0)
r14 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000010c0)='net/netfilter\x00')
readv(r14, &(0x7f0000001280)=[{&(0x7f0000001100)=""/89, 0x59}, {&(0x7f0000001180)=""/120, 0x78}, {&(0x7f0000001200)=""/90, 0x5a}], 0x3)

8.023652002s ago: executing program 1 (id=3990):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x5b7a, &(0x7f00000000c0)={0x0, 0x4fab, 0x8, 0x3, 0xb1}, &(0x7f0000000140), &(0x7f00000003c0))
syz_io_uring_submit(0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(0xffffffffffffffff, 0x2, &(0x7f0000000300)={0x2, 0x3}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet(0x2, 0x1, 0x0)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0xffffffff, {0x5}}, [@NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x2c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x23f, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

7.788993312s ago: executing program 4 (id=3991):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="b40500000002000061f017000000000066000000000000009d00000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x48)
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYRES32=r0], 0x10}, 0xc000)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
syz_clone(0x2020100, 0x0, 0xfffffffffffffff4, 0x0, 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r2, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000001540)="94", 0xffe3}], 0x1}}], 0x1, 0x4000800)
syz_usb_connect$printer(0x3, 0x2d, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0xeb, 0x40, 0xdf, [{{0x9, 0x4, 0x0, 0xd7, 0x1, 0x7, 0x1, 0x2, 0xd, "", {{{0x9, 0x5, 0x1, 0x2, 0x40, 0x5, 0x5, 0xff}}}}}]}}]}}, &(0x7f0000000300)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x250, 0xf8, 0x1, 0x2, 0x10, 0x8}, 0x55, &(0x7f0000000140)=ANY=[@ANYBLOB="050f55000320100a0085f5110000ff0000003f0000c00000007e00001c100a0a840000000f0009003f00000000000f00000014100408367f96c25edb1a2f57b39111f8cadd61000000000000000000b109c9a447189d1a899590d0cc45c0000000000000"], 0x2, [{0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x814}}, {0xe7, &(0x7f0000000200)=@string={0xe7, 0x3, "a8fe42c98e921f83ebb329114de840946cac40e63ea590127752700ca83dd3a648e0312761db0ca72e952006f0363d5dabc8b3bd63b11fb08239ab20f75b6d876489d2eafbe58f62aa4e523202f668ac4a8b2be52290c6847aeea4ed170f75a315bc761d7d2199ebab7674d4c17bd5876eaee573e694f5236ff01ac22aae5850bb12bf1cf282543ff972c2e60b3cb7a5c7be98098632881fc3f05032bc52ad08aae461d0f964c155e1a965e96f478f94f145e7f8c9c498e46bf0bedaa65ab82fe5f339dcc4cf9747e7591405f410250ca118a08e968257441e7cc47238220aae30632e0e97"}}]})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x48, r4, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x1c, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}]}]}]}, 0x48}}, 0x80)
ioctl$int_in(r1, 0x5421, &(0x7f00000000c0)=0x5)
read$char_usb(r1, 0x0, 0x0)

7.079353905s ago: executing program 0 (id=3992):
r0 = fsopen(&(0x7f0000000040)='fuseblk\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000001c0)='fuseblk\x00', &(0x7f0000000200)='fuseblk\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000580)='\xc1J\xaf\xfd,\x86\xbc\xa9\x02\xf2\xf6\xe2\xcd\x9f\xf6\x83\xeb\xba_6\xfdR\xd0\x8d\xc1\xf6.$w\xab|*`\x11H+^\xbb\x8ar\xb1\x8ec\xec,\xd5\xfd,\xce`\x9f\x92\xb4\xbe\x06?\xaa\x16Q\x94\x15\xbe\x80E\x9c\x93Hq?<(+\xceb0\xcc\xad\xdd\x1c\xee\x19\x1b\x91Z\x85\xb7\x04\xe7\xaf\xe0W,G\xc8\xc0\xbcR\x90\x17\x19@m\xa5\x19\x16i\xc8\x99)\xa5\xb0\xba\xbc\xe0rV\x06\xd0B\x0f\xcdF\xbc\x8e\x8a^%8k\x849S\x15=kxS\x1c\xc1\xdaT\x9c\b\xb6\xd8\xa0st~\xf1\x93\xb8\xba\xa5gV\x18F\x8f\xe4b\xdc\x19_P\x81\xa4\xc3\\g\x11\xd1\xc8 U\xba\x03\xc9\xf17\x88\r\xb99]\xdfM\xc8AQB\xc3\xf0\xf7t\xee\x95&w\xc3;', &(0x7f0000000180), 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000003c0)='\x00', &(0x7f0000000780)='(!\xef(.(\\-]\x00\xf6\x02Bd\x96U\xb5jQ\x17\xa88\x9e>\x9c\x8f\fk\n:QdD87N\xbcQ\x19\x93*I\xa1\xbcF\x00\x04Eb\xff4\xff$\x85p\xff*\xb7\x8e\xcdu)H\xf5\x15d\xc2\xa6!\xf4\x155\x8d\xe2\xe4oE\xf0c\x93\xbd\xb3;\x9c\xff)\x95\xa2\x9b\xe7\xfe\xf9\n\tw\x1c\xbf\x0f\\\x06\xa0e\x02\xa5\xb9\b', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000a40)='^,/\x00', &(0x7f0000000a80)='fuseblk\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000280)='\x1c@\\\x00', &(0x7f00000002c0)='\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000300)='\xe7', &(0x7f0000000340)='\x00', 0x0)
close(r0)

6.94167863s ago: executing program 0 (id=3993):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0xfffffffe})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
accept4(r1, 0x0, &(0x7f0000000080), 0x80000)
epoll_create(0xfff)
syz_open_dev$radio(&(0x7f00000000c0), 0x2, 0x2)

6.659322932s ago: executing program 0 (id=3994):
r0 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, 0x0)

6.593768311s ago: executing program 2 (id=3995):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r0, &(0x7f0000000580)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @remote, 0x9}, 0x1c, 0x0, 0x0, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000000000000001000740000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695ec1891223a53600d5031b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a5efe6c7115774effe28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c2511eb0f9600a0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6d997eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e641036a8afa2ccdb47d7990d5a007faccb2f86664179f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d841c351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918"], 0x590}}], 0x1, 0x8008801)
sendmmsg$inet6(r0, &(0x7f0000001f80)=[{{0x0, 0x0, &(0x7f0000000140)=[{0x0}, {&(0x7f0000000100)}], 0x2}}], 0x1, 0x0)

6.45737793s ago: executing program 3 (id=3996):
r0 = msgget$private(0x0, 0x480)
msgsnd(r0, &(0x7f0000000980)={0x1}, 0x8, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="a8020000", @ANYRES16=r3, @ANYBLOB="010026bd7000000000003b00000008000300", @ANYRES32=r2], 0x2a8}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
munmap(&(0x7f0000fff000/0x1000)=nil, 0x1000)

6.270538834s ago: executing program 0 (id=3997):
r0 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$IPSET_CMD_GET_BYNAME(0xffffffffffffffff, 0x0, 0xc004004)
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x0, 0x1, 0x401, 0x0, 0x92, 0x55, 0x8, 0x1000006, 0x4}, 0x0)
fanotify_init(0xa00, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47f9, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, r4, 0x0, 0x0, 0x0, 0x0, 0x1})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000080)={0x28, 0x2, r4, 0x0, &(0x7f0000fff000/0x1000)=nil, 0x1000})
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x6c, 0x0, 0x1, 0x0, 0x8, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4, 0x2, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}}, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
r5 = openat$random(0xffffffffffffff9c, &(0x7f00000003c0), 0x40202, 0x0)
sendfile(r5, r5, 0x0, 0x4800000009)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000200)='source', &(0x7f0000000000)='\\/\xe9\x838\x9d<\f\x91\a\xd4$\xae$\x91&6n @\xf4M\xba\xf2<\xd6A\xdb\xd7\xbeY@g\xcc\xca\n@\x06\xa3\xfe%\x11\xc9\xc5\xc4\x96\xb7b\xa7\x15R.\xa3`fd\xdc\x8b\x18rBl{\x82\\/A\x17\n\f\xcd=\'\x11\x1bZ\x8e\xb1\xc3j$v\xefw\x96\\\xff\xa2\xfc\xe3\xb8\xc7\x0f\xaaQ\x98F*T\xd5\xcd4g+\xbd\xd1\xe0R\x9d\x18\x19a:\xa2\xdf\xbe\x8b\x89\x81', 0x0)
socket$kcm(0x11, 0x3, 0x0)

6.245779037s ago: executing program 2 (id=3998):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f0000000180)=0x6, 0x4)
setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000140)=0x400030, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f0000000000)={@multicast, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0x0, 0x0, @val=0x80}}}}}}}, 0x0)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCETHTOOL(r1, 0x8993, &(0x7f0000000080)={'bond0\x00', &(0x7f00000000c0)=@ethtool_coalesce={0xe, 0xf1, 0x200, 0x9, 0x2, 0x0, 0x7f, 0x80000001, 0x5, 0x4, 0x2, 0x1, 0x570, 0x4, 0x3, 0xa5, 0x5, 0x4, 0xff, 0x452, 0x1000, 0xb, 0x4}})

6.095437541s ago: executing program 3 (id=3999):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x8000194)

5.901554664s ago: executing program 3 (id=4000):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x60, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_BC_QUEUE_LEN={0x8, 0x9, 0x7fffffff}, @IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}, @IFLA_MACVLAN_MACADDR_MODE={0x8}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'macvlan0\x00'}]}, 0x60}, 0x1, 0x4000000}, 0x8000)

5.821984778s ago: executing program 1 (id=4001):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
r2 = socket(0x11, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000005c0)={'vcan0\x00', <r4=>0x0})
bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000240)=0x4e6f, 0x4)
sendmsg$netlink(r2, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540), 0x0, 0x0, 0x0, 0x4000}, 0x1)
setsockopt$sock_int(r1, 0x1, 0x3c, 0x0, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000600)={@in={{0x2, 0x4e20, @loopback}}, 0x0, 0x0, 0x3b, 0x0, "9ded9d61b06dc81d103e0f6900b695edeff80e01663328c082467cf0b42433fa4d47dd6a7ee2e05eba7dfa68546306f79be4052eb940143e88471c090e7c9ac0a4089613564c75d3a57acf6eb249f175"}, 0xd8)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
fcntl$setstatus(r0, 0x4, 0x40800)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0xffffffe8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r7 = dup3(r5, r5, 0x0)
r8 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$FUSE(r8, &(0x7f00000034c0)={0x2020}, 0xcac)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x10, 0x0, &(0x7f00000001c0)=[@request_death={0x400c630e, 0x1}], 0x0, 0x0, 0x0})
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r9, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r9, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @loopback, 0x2}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
shutdown(r9, 0x1)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r10, 0x2000009)
sendfile(r0, r10, 0x0, 0x7ffff004)
userfaultfd(0x80000)

5.793215263s ago: executing program 2 (id=4002):
r0 = syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x12, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010d800010906438346d9d1608909040000010300000209210500000122050009058103f2d7f0cbe9846ed600"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="002212"], 0x0}, 0x0)
syz_usb_ep_write(r1, 0x81, 0x0, 0x0)
r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r2, 0x707, &(0x7f0000000440)={&(0x7f00000003c0)=[{0x29f, 0x200, 0x0, 0x0}, {0x4, 0x6000, 0x0, 0x0}], 0x2})

5.683254488s ago: executing program 4 (id=4003):
r0 = fsopen(&(0x7f0000000040)='fuseblk\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000001c0)='fuseblk\x00', &(0x7f0000000200)='fuseblk\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000580)='\xc1J\xaf\xfd,\x86\xbc\xa9\x02\xf2\xf6\xe2\xcd\x9f\xf6\x83\xeb\xba_6\xfdR\xd0\x8d\xc1\xf6.$w\xab|*`\x11H+^\xbb\x8ar\xb1\x8ec\xec,\xd5\xfd,\xce`\x9f\x92\xb4\xbe\x06?\xaa\x16Q\x94\x15\xbe\x80E\x9c\x93Hq?<(+\xceb0\xcc\xad\xdd\x1c\xee\x19\x1b\x91Z\x85\xb7\x04\xe7\xaf\xe0W,G\xc8\xc0\xbcR\x90\x17\x19@m\xa5\x19\x16i\xc8\x99)\xa5\xb0\xba\xbc\xe0rV\x06\xd0B\x0f\xcdF\xbc\x8e\x8a^%8k\x849S\x15=kxS\x1c\xc1\xdaT\x9c\b\xb6\xd8\xa0st~\xf1\x93\xb8\xba\xa5gV\x18F\x8f\xe4b\xdc\x19_P\x81\xa4\xc3\\g\x11\xd1\xc8 U\xba\x03\xc9\xf17\x88\r\xb99]\xdfM\xc8AQB\xc3\xf0\xf7t\xee\x95&w\xc3;', &(0x7f0000000180), 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000003c0)='\x00', &(0x7f0000000780)='(!\xef(.(\\-]\x00\xf6\x02Bd\x96U\xb5jQ\x17\xa88\x9e>\x9c\x8f\fk\n:QdD87N\xbcQ\x19\x93*I\xa1\xbcF\x00\x04Eb\xff4\xff$\x85p\xff*\xb7\x8e\xcdu)H\xf5\x15d\xc2\xa6!\xf4\x155\x8d\xe2\xe4oE\xf0c\x93\xbd\xb3;\x9c\xff)\x95\xa2\x9b\xe7\xfe\xf9\n\tw\x1c\xbf\x0f\\\x06\xa0e\x02\xa5\xb9\b', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000a40)='^,/\x00', &(0x7f0000000a80)='fuseblk\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000280)='\x1c@\\\x00', &(0x7f00000002c0)='\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000300)='\xe7', &(0x7f0000000340)='\x00', 0x0)
close(r0)

5.681885955s ago: executing program 3 (id=4004):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x18d7, &(0x7f0000000040)={0x0, 0x0, 0x2, 0x0, 0x25b}, 0x0, &(0x7f0000ffe000))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x20000000)
r2 = socket(0x840000000002, 0x3, 0xfa)
getsockname$inet(r2, 0x0, &(0x7f0000002280))
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r3, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x0, 0x3, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = syz_open_dev$vim2m(&(0x7f0000000100), 0x80000000, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
unshare(0x62040200)
syz_usb_connect(0x0, 0x4a, &(0x7f0000000080)=ANY=[@ANYBLOB="120100005520f010402038b14201040000010902"], 0x0)
r5 = socket$inet6(0xa, 0x800000000000002, 0x0)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r7, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r6, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r7, 0x0, <r8=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r6, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r8, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r6, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r8, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x3d3b4e})
ioctl$IOMMU_IOAS_UNMAP$ALL(r6, 0x3b86, &(0x7f0000000240)={0x18, r7})
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r5, 0x29, 0x41, &(0x7f0000000440)={'filter\x00', 0x4, [{}, {}, {}, {}]}, 0x68)
r9 = fsopen(&(0x7f0000000000)='f2fs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r9, 0x1, &(0x7f00000000c0)='test_dummy_e{cryption', &(0x7f0000000040)='vto_da_allos\x00\xe9\x82\xdb ', 0x0)

5.334999488s ago: executing program 1 (id=4005):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg(r1, 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000080), 0x2, 0x2)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r2, 0x40305652, &(0x7f0000000000)={0x0, 0x1, 0x8000, 0x0, 0x0, 0x8fc3, 0x1010001})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000780)={'dummy0\x00', <r5=>0x0})
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00', @ANYRES16=r4, @ANYBLOB="010026bd6000000000002d9300000c00018008000100", @ANYRES32=r5], 0x20}, 0x1, 0x0, 0x0, 0xd4}, 0x24008000)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
openat$procfs(0xffffff9c, &(0x7f00000001c0)='/proc/sysvipc/msg\x00', 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="050001000000fddbdf250600000008000300", @ANYRES32=r8, @ANYBLOB="08258534410121135745000500faff0000"], 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="a7000000052250bd"], &(0x7f00000000c0)='GPL\x00', 0x7}, 0x94)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000100000000000a20000000000a01010000000000000000010000000900010073797a300000000068000000090a010400000000000000000100000008000a4000000000200011800e000100636f6e6e6c696d69740000000c00028008000140000000000900010073797a30000000000900020073797a3200000000080005400000001f0c000980080001400037"], 0xb0}}, 0x0)
ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000000)={'ipvlan1\x00', {0x2, 0x0, @broadcast=0xac141436}})
syz_usb_connect(0x0, 0x8, &(0x7f0000000880)=ANY=[@ANYBLOB="120110036fff5c20b40b0d0a9ce801020301090212000102081003090492020050eab70087c8c748f790b42580cd0273639344417e75bfc8071c4ca166478a4e3a42f3e89872a4d8cb7824de537ebc056496b28e06857fc98949acdc783dcae4941b5227a3ecf49314c0ec50c979f0dab7ad5bc3ae030186003020e583cdd13b940fe653902c5c8a48c38f5f25a158a4e3a92a161d7bf2bc24dacab09edfab5ed4dfa8a3a924f99288958fefb6c0cce764b47b9815950e9d1766269abc0ba164c21e566c5cab7d"], 0x0)
r10 = syz_io_uring_setup(0x70ca, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x3, 0xe0}, &(0x7f0000000100)=<r11=>0x0, &(0x7f00000007c0)=<r12=>0x0)
syz_io_uring_submit(r11, r12, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x3, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="1a", 0x38}, {0x0}], 0x2})
io_uring_enter(r10, 0x4d10, 0x2, 0x2, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x6, 0x8b, 0x8}, {0x404a, 0x80, 0x7}]})

5.231556801s ago: executing program 4 (id=4006):
io_uring_setup(0x78c, &(0x7f0000001400)={0x0, 0x30c1, 0x10, 0x1, 0xca})
syz_io_uring_setup(0xd19, &(0x7f0000000180)={0x0, 0x6b8a, 0x8, 0x1, 0x3cc}, &(0x7f0000001480)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
pread64(r2, &(0x7f00000000c0)=""/4082, 0xff2, 0x7)
symlinkat(&(0x7f0000000340)='./file0\x00', r2, &(0x7f0000000380)='./file0\x00')
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r3, 0xc0045520, &(0x7f00000001c0)=0xffffbf7f)
r4 = syz_open_procfs(0x0, &(0x7f00000014c0)='net/raw6\x00')
preadv(r4, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/218, 0xda}], 0x1, 0x9, 0x3)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x75db35c111f1a6cc, 0xe, &(0x7f0000000880)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000240)={0x2, 0x0, 0x0, 0x4}, 0x10, 0x0, r2}, 0x94)
ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f00000003c0)={0x7f, 0x2, 0x1, 0xd, 0x140})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
clock_gettime(0x0, &(0x7f0000001300))
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r6 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x9840)
ioctl$SG_IO(r6, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffffffffffb, 0x6, 0x1, @buffer={0x300, 0x56, &(0x7f0000000440)=""/86}, &(0x7f0000000000)="46a1a0995a02", 0x0, 0x0, 0x14, 0x0, 0x0})
clock_gettime(0x0, &(0x7f0000001340))
r7 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f0000000140)={0x2, @pix={0x1, 0x3ff, 0x32315559, 0x8, 0x203, 0x2, 0x7, 0x6, 0x1, 0x2, 0x1, 0x1}})
syz_io_uring_submit(r0, r1, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, 0xffffffffffffffff, 0x80, &(0x7f00000000c0)=@in6={0xa, 0x4e21, 0x52, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x8}})
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
r8 = syz_open_dev$sndpcmc(&(0x7f0000000240), 0x0, 0x0)
io_setup(0x1, &(0x7f0000000000)=<r9=>0x0)
io_submit(r9, 0x1, &(0x7f0000001380)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0}])
r10 = fsopen(&(0x7f0000000040)='v7\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r10, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%(:2', 0x0)
r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000010c0)='net/netfilter\x00')
readv(r11, &(0x7f0000001280)=[{&(0x7f0000001100)=""/89, 0x59}, {&(0x7f0000001180)=""/120, 0x78}, {&(0x7f0000001200)=""/90, 0x5a}], 0x3)

1.501157328s ago: executing program 0 (id=4007):
r0 = syz_usb_connect(0x1, 0x24, &(0x7f0000000600)=ANY=[], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_connect$uac1(0x3, 0xfe, &(0x7f0000000400)=ANY=[@ANYBLOB="12011003000000206b1d01014000010203010902ec0003010100010904000000010100000a240100000702010209240506072698e2180b240802010000a613f5b30c240205ff01020c080004050b2407040300060aba5a100c2402060302051f0700810309dd399dfe3c2304010000010200000904010101010200000e24020108021007f9bbc6d29be60a2402010702040965c409050109400009057f072501800406000904020000010200000904020101010200000a2402010d01070f794d0724010502070009240202080005000911240202030004000051fa566cbd3f337e08240201090100000b240201cb040300cb382e09058209600614030607250102070104"], &(0x7f00000002c0)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x300, 0x0, 0xf, 0xed, 0x20, 0xf8}, 0xb7, &(0x7f0000000140)=ANY=[@ANYBLOB="050fb7000603100b0710020819b3218f1004439dc5d0021c95a3ad06187ec90d3f507e77b908000000000000004d3101f65a2e0d085ebbed388e64e404ddb7d8055a5b28527c972a06e5250f47eae3128aa008fa9d716bf0afce7a5b1ff72dfd48225e47156c67f747ea7130ece46621902906fb7679312bbcaea5b9cd62e6db9212a216a9be2a93a51e9aef884b3bbb9ed91369af2febad75bbf7871e120b11010800000a828d000203100b0b10010200003c0706000e"], 0x2, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x458}}, {0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="4a7a03ecb7c47a8c4819d804b45d3dd5e7e36c49c56ec811dbb4caa1aaa10094d98c2f34b45a28324765cc67ae05af1e52c2ea9bfe4f4e121fea5c10ec12666a6bfb2a406ea0434f042f96ca5b331025ea11dbda23078c7ea48bb4b1b7bd70bfaee4d25b488a2b593e96f046adb2478507d0556cf08f9ae46b2ff81b40c3b16b39d48ea8fa281df4ed545c390a0ec1cdf42c107c8fb8cd54d69c5195acec0781625ec7cd77719b421fb3125e0fc50ccfd335065bd19c0a2ebb859e941c61b1d4"]}]})
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = syz_io_uring_setup(0x10d2, &(0x7f0000000540)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f0000000600)=<r2=>0x0, &(0x7f00000005c0)=<r3=>0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22}, 0x94)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_FADVISE={0x18, 0x28, 0x0, @fd, 0x8, 0x0, 0x8})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={r6, @in6={{0xa, 0x4e23, 0xb, @empty, 0x430}}, 0xa68, 0x2, 0x0, 0x6, 0xc3, 0x7f, 0xac}, &(0x7f0000000240)=0x9c)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

1.275308687s ago: executing program 2 (id=4008):
r0 = syz_usb_connect(0x2, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000544fb2f00090582eb1000000001020009050276"], 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f0000000700)=ANY=[@ANYRES64, @ANYRES8=0x0, @ANYRES64=r0, @ANYBLOB="98218727f7e1084a6dda805831605231474402e23e3db061a6df58e217d423ab6f645335bebe33ee162519112fb671d01d05a7958bc2d26157b932aac02dfaa3907f7e4eecad98cab6bc875b1c4ad5c42e3bcf", @ANYBLOB="a3a54c5a9e00b9870cc0067781d6f6cfa981689df40f888f78a6bd8468dffeb854e9b48a73c5dab30e29e1dad0e7afe651649f8105389af6d555c43c12b3bf439171c14cef07553df19d9844644059caa3658550ff1c7a71b97815d6945a5f412127e103f6eec2d1904a5663f20daad226a3249bfaf428ca18f23c7603f0d05af0d117e0affff6f6da7d9ccffdd71996f773b45ced43fcc891bf2871d6fb2d65717478bde72156826430e7ab894a90d7110c4fdfb3272323b2ec3bab7a95cb5dc098304fb70357aead1d598bec7502911d233bc99874f601e6c3437213c113924fca0d42b7a5898d1a154f0544b1df410ac5182dcd6314df1587f1ce06a59150fe3d30e5cb4d3f1ea2c6a1e59edc43fc45ab00317e33bf5520747b9a3d77e19a8b7cb60b029e0ab33ba728777c660e64fa2b75336888337e7e72a699237aaf858841882e6db86df5b28688d4216b529a9dfd8b3c688c8f02625c275b3502d88f5945314a5b34cd837d7d11c94c76875790abc1af034907f631f1deb668c7f88344648999ebf74e2de707ad71f66b213ea6c0c2a8c52f2730ff18"])
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000300)={0x1, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000040)={0x32b, @tick=0x440, 0xff, {}, 0x0, 0x0, 0xfb})
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r1, 0xc0a85352, &(0x7f0000000080)={{0x52, 0x7f}, 'port1\x00', 0x10, 0x80000, 0xba6d, 0x1, 0x81, 0x10000, 0x3, 0x0, 0x2, 0x59})

1.274827864s ago: executing program 4 (id=4009):
r0 = msgget$private(0x0, 0x480)
msgsnd(r0, &(0x7f0000000980)={0x1}, 0x8, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="a8020000", @ANYRES16=r3, @ANYBLOB="010026bd7000000000003b00000008000300", @ANYRES32=r2], 0x2a8}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
munmap(&(0x7f0000fff000/0x1000)=nil, 0x1000)

1.22620444s ago: executing program 1 (id=4010):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x8000194)

1.033790035s ago: executing program 1 (id=4011):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local, 0x1})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
bpf$MAP_CREATE(0xc00000000000018, &(0x7f0000000200)=ANY=[], 0x50)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
r5 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
ioctl$VIDIOC_S_SELECTION(r5, 0xc040565f, &(0x7f0000000940)={0xa, 0x1, 0x7, {0x8000, 0x1000, 0x4, 0x6}})
syz_emit_ethernet(0x1fc, &(0x7f0000001600)=ANY=[], 0x0)
ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a2, &(0x7f0000000000)='bridge0\x00')
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f00000002c0)={0x2, @vbi={0x4, 0x5, 0x100, 0x47504a4d, [0x200, 0x7], [0x4f, 0x2], 0x1}})
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
r6 = syz_open_dev$vim2m(0x0, 0x40000000e, 0x2)
writev(r6, &(0x7f0000000800)=[{0x0}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000001440)={0x1, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1}, 0x94)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x4f, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6c2d01000019840100000000f8ffffff0000ffff0a010102fe8000000000000000000000000000aaa5ba94e385673ccfd3fe184ab0643975bcc85fbf438632261b"], 0x0)
pread64(0xffffffffffffffff, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x20005e, 0x0, 0x9, 0x4})
openat$vmci(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)

79.132228ms ago: executing program 4 (id=4012):
mq_unlink(&(0x7f0000000140)='/:-\x00')
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000036571a20cd0c8000fe67010203010902120001000000000904"], 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f00000000c0)={0x34, &(0x7f0000000440)=ANY=[@ANYBLOB="001408000000eb9a47809bf97af0"], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, &(0x7f0000000340)={0x14, &(0x7f0000000640)=ANY=[@ANYBLOB="0d020095821adbc50e429445c24d2a170c65332b3a498ae7b57171b92e1489c245a8b7454a5ba890aed0e72d55b9be5320fcabe9cea0a62c02c5692ac0b1686c999fe646daa8585757c034fdaecb5444721b5275efa4a02de8689580513907258b456210ec5355a0274d9af76a50b87eb652087495929f206ba4ba1c247472a22ee986f1a907e07ba8622cf14ac29c55df78dc1bee83de91e65acec99f44c61b1510ca0000000075072b328d95842e6db14dc1faddb7d9be6bc50892b7ad9a65151b93af27048754d8b2"], &(0x7f0000000500)=ANY=[@ANYBLOB="00030200000002035c58fa3b34ff7707a40d47797d20aa62f86d9f1ca97472c3ef050f8e3c8b846ec77daa2d572886d77ef12627b8a59b309e86e1a659b1309b89da19d472362f30f7a65283680403b78c74d3698d154d0be86b2d1b7a9be5a2fc61895afe9246d4d62b3a"]}, &(0x7f0000000600)={0x34, 0x0, &(0x7f0000000480)={0x0, 0xa, 0x0, 0x5}, &(0x7f00000004c0)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000380)=ANY=[@ANYBLOB="2000b400000000b23b9add4bcd003fe8cd633fd64ebeb5d403366bee4c242cef7ea177f0bcb73dce836001bde1fea6d51a275ed0036c305c5ef9f451cdaf58bdaeb446fea674ada062eb99cfca96197ba380d2a80e0b5518ea5adc08b09a0a4ddc05d0584048237f64f106f0f5cf9168f68c4f61f006fd567fd67111e6d9efd16d54eb78afc5269eb4af7b7672fe368df00bdde58687e948c852f61b5f7050d86a2f0bd4fb8a068a977a324605ed4ca13028f0344dedd8352374"], &(0x7f0000000580)={0x20, 0x1, 0x1, 0x9}, &(0x7f00000005c0)={0x20, 0x0, 0x1, 0x8e}})
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c80)=ANY=[@ANYRESHEX=0x0], 0xc0}, 0x1, 0x0, 0x0, 0x71}, 0x20000000)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="1400000010000100000000000000f5ff0000000a3c000000120a01020000000000000000020000000900020073797a310800000008000440000000010900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x4c040)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x2716, 0x0, &(0x7f0000000000))
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
mprotect(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1000000)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000003380))
r5 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r4, 0x4008af22, &(0x7f00000001c0)={0x0, r5})
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNGETFILTER(r6, 0x801054db, 0x0)
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000080)={0x0, r5})
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYRES16, @ANYRES16=r0, @ANYRES64=r5, @ANYRESDEC=0x0, @ANYRESDEC=0x0, @ANYRES64=r0], 0x7c}, 0x1, 0x0, 0x0, 0x80}, 0x4801)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a090400000000000000000200fffe0900020073797a32000000000900010073797a30000000004c00048024000180090001006d65746100000000140002800800014000000001080002400000001724000180090001006d617371000000001400028008000240000000080800034000fb"], 0xa0}, 0x1, 0x0, 0x0, 0x24040800}, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

0s ago: executing program 0 (id=4013):
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f0000000080)="1400000052004f030e789e7ee2ce2fa4ff612d27", 0x14)
recvmmsg(r0, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}], 0x344, 0x10122, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@ipv6_newaddr={0x18, 0x14, 0x1}, 0x18}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000001180)=0x2000000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xd, 0x1, 0x0, 0x6, 0x10000, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4}, 0x50)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0xffffffff, 0x400003}, 0x0)
r4 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_buf(r4, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31)
sendmmsg$inet6(r4, &(0x7f0000002940), 0x40000000000017d, 0x811)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmmsg$alg(r6, &(0x7f0000000140)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[], 0xffffffffffffff56}], 0x1, 0x40800)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000100), 0x600800)
write$sndseq(r7, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0x1f4, {}, {}, @raw32={[0x2600]}}], 0xffc8)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
write$sndseq(r8, &(0x7f0000000080)=[{0x1e, 0x0, 0x8, 0xfd, @time={0x7ffffffd, 0x4}, {}, {}, @result={0x1f00}}], 0x1c)

kernel console output (not intermixed with test programs):

tor of length 0, skipping remainder of the config
[ 1614.467491][T11705] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1614.494502][T20347] netlink: 4400 bytes leftover after parsing attributes in process `syz.2.3636'.
[ 1614.672296][T20370] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1614.692758][T11705] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1614.760075][T20347] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[ 1614.789624][T20370] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1614.792801][T20347] CPU: 1 UID: 0 PID: 20347 Comm: syz.2.3636 Not tainted syzkaller #0 PREEMPT(full) 
[ 1614.792840][T20347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1614.792858][T20347] Call Trace:
[ 1614.792869][T20347]  <TASK>
[ 1614.792881][T20347]  dump_stack_lvl+0x189/0x250
[ 1614.792926][T20347]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1614.792956][T20347]  ? __pfx__printk+0x10/0x10
[ 1614.793000][T20347]  ? kernfs_path_from_node+0x2f/0x290
[ 1614.793031][T20347]  ? kernfs_path_from_node+0x250/0x290
[ 1614.793056][T20347]  ? kernfs_path_from_node+0x2f/0x290
[ 1614.793092][T20347]  sysfs_warn_dup+0x8e/0xa0
[ 1614.793119][T20347]  sysfs_do_create_link_sd+0xc0/0x110
[ 1614.793152][T20347]  device_add_class_symlinks+0x1cf/0x240
[ 1614.793186][T20347]  device_add+0x475/0xb50
[ 1614.793218][T20347]  wiphy_register+0x1ba6/0x28d0
[ 1614.793278][T20347]  ? __pfx_wiphy_register+0x10/0x10
[ 1614.793325][T20347]  ? rtnl_unlock+0x9/0x10
[ 1614.793364][T20347]  ieee80211_register_hw+0x3425/0x4080
[ 1614.793414][T20347]  ? ieee80211_register_hw+0x1451/0x4080
[ 1614.793454][T20347]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1614.793488][T20347]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1614.793534][T20347]  ? __hrtimer_setup+0x187/0x210
[ 1614.793559][T20347]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1614.793623][T20347]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[ 1614.793705][T20347]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1614.793739][T20347]  ? trace_kmalloc+0x1f/0xd0
[ 1614.793770][T20347]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[ 1614.793808][T20347]  ? kstrndup+0xbf/0x160
[ 1614.793847][T20347]  hwsim_new_radio_nl+0xea4/0x1b10
[ 1614.793886][T20347]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1614.793944][T20347]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1614.793996][T20347]  ? __nla_parse+0x40/0x60
[ 1614.794041][T20347]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1614.794086][T20347]  genl_family_rcv_msg_doit+0x212/0x300
[ 1614.794127][T20347]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1614.794177][T20347]  ? bpf_lsm_capable+0x9/0x20
[ 1614.794211][T20347]  ? security_capable+0x7e/0x2e0
[ 1614.794258][T20347]  genl_rcv_msg+0x60e/0x790
[ 1614.794297][T20347]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1614.794326][T20347]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1614.794362][T20347]  ? __asan_memcpy+0x40/0x70
[ 1614.794390][T20347]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1614.794436][T20347]  netlink_rcv_skb+0x208/0x470
[ 1614.794472][T20347]  ? __lock_acquire+0xab9/0xd20
[ 1614.794511][T20347]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1614.794543][T20347]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1614.794606][T20347]  ? down_read+0x1ad/0x2e0
[ 1614.794633][T20347]  genl_rcv+0x28/0x40
[ 1614.794659][T20347]  netlink_unicast+0x82f/0x9e0
[ 1614.794715][T20347]  ? __pfx_netlink_unicast+0x10/0x10
[ 1614.794753][T20347]  ? netlink_sendmsg+0x642/0xb30
[ 1614.794790][T20347]  ? skb_put+0x11b/0x210
[ 1614.794820][T20347]  netlink_sendmsg+0x805/0xb30
[ 1614.794872][T20347]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1614.794917][T20347]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1614.794945][T20347]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1614.794972][T20347]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1614.795012][T20347]  __sock_sendmsg+0x21c/0x270
[ 1614.795052][T20347]  ____sys_sendmsg+0x505/0x830
[ 1614.795088][T20347]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1614.795128][T20347]  ? import_iovec+0x74/0xa0
[ 1614.795163][T20347]  ___sys_sendmsg+0x21f/0x2a0
[ 1614.795194][T20347]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1614.795270][T20347]  ? __fget_files+0x2a/0x420
[ 1614.795308][T20347]  ? __fget_files+0x3a0/0x420
[ 1614.795361][T20347]  __x64_sys_sendmsg+0x19b/0x260
[ 1614.795395][T20347]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1614.795440][T20347]  ? rcu_is_watching+0x15/0xb0
[ 1614.795472][T20347]  ? do_syscall_64+0xbe/0x3b0
[ 1614.795516][T20347]  do_syscall_64+0xfa/0x3b0
[ 1614.795553][T20347]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1614.795589][T20347]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1614.795617][T20347]  ? clear_bhb_loop+0x60/0xb0
[ 1614.795649][T20347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1614.795673][T20347] RIP: 0033:0x7fa3fcb8ebe9
[ 1614.795705][T20347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1614.795728][T20347] RSP: 002b:00007fa3fd948038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1614.795757][T20347] RAX: ffffffffffffffda RBX: 00007fa3fcdb5fa0 RCX: 00007fa3fcb8ebe9
[ 1614.795778][T20347] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 000000000000000c
[ 1614.795796][T20347] RBP: 00007fa3fcc11e19 R08: 0000000000000000 R09: 0000000000000000
[ 1614.795813][T20347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1614.795828][T20347] R13: 00007fa3fcdb6038 R14: 00007fa3fcdb5fa0 R15: 00007fa3fcedfa28
[ 1614.795871][T20347]  </TASK>
[ 1615.270388][T11705] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1615.341003][T11715] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[ 1615.514090][T11705] usb 2-1: config 0 descriptor??
[ 1615.537826][T11705] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1615.550306][T11715] usb 5-1: Using ep0 maxpacket: 16
[ 1615.558898][T11715] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1615.571932][T11715] usb 5-1: config 0 has no interfaces?
[ 1615.577747][T11705] dvb-usb: bulk message failed: -22 (3/0)
[ 1615.585458][T11715] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1615.595695][T11715] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1615.606390][T11715] usb 5-1: Manufacturer: syz
[ 1615.636287][T11715] usb 5-1: config 0 descriptor??
[ 1615.679114][T11705] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1615.760073][T11705] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1616.070690][T11705] usb 2-1: media controller created
[ 1616.081071][T11705] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1616.097844][T20379] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3642'.
[ 1616.159210][T11705] dvb-usb: bulk message failed: -22 (6/0)
[ 1616.186195][T11722] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[ 1616.200889][T11705] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1616.268275][T11705] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input92
[ 1616.292429][T11722] usb 3-1: USB disconnect, device number 64
[ 1616.417200][T11705] dvb-usb: schedule remote query interval to 150 msecs.
[ 1616.658733][T11705] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1616.820505][T11705] dvb-usb: bulk message failed: -22 (1/0)
[ 1616.826754][T11705] dvb-usb: error while querying for an remote control event.
[ 1617.020395][T11705] dvb-usb: bulk message failed: -22 (1/0)
[ 1617.026525][T11705] dvb-usb: error while querying for an remote control event.
[ 1617.205779][T11705] dvb-usb: bulk message failed: -22 (1/0)
[ 1617.218202][T11705] dvb-usb: error while querying for an remote control event.
[ 1617.401061][T20374] dvb-usb: bulk message failed: -22 (1/0)
[ 1617.412240][T20374] dvb-usb: error while querying for an remote control event.
[ 1617.591059][T20374] dvb-usb: bulk message failed: -22 (1/0)
[ 1617.597047][T20374] dvb-usb: error while querying for an remote control event.
[ 1617.652862][T11705] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[ 1617.695376][T20389] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3645'.
[ 1617.760573][T20374] dvb-usb: bulk message failed: -22 (1/0)
[ 1617.767974][T20374] dvb-usb: error while querying for an remote control event.
[ 1617.791269][T11705] usb 3-1: device descriptor read/64, error -71
[ 1617.930572][T20374] dvb-usb: bulk message failed: -22 (1/0)
[ 1617.949955][T20374] dvb-usb: error while querying for an remote control event.
[ 1618.060519][T11705] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[ 1618.140549][   T10] dvb-usb: bulk message failed: -22 (1/0)
[ 1618.147259][   T10] dvb-usb: error while querying for an remote control event.
[ 1618.210384][T11705] usb 3-1: device descriptor read/64, error -71
[ 1618.331558][T11705] usb usb3-port1: attempt power cycle
[ 1618.359324][   T10] dvb-usb: bulk message failed: -22 (1/0)
[ 1618.400367][   T10] dvb-usb: error while querying for an remote control event.
[ 1618.497821][T20391] dlm: non-version read from control device 36
[ 1618.560394][   T10] dvb-usb: bulk message failed: -22 (1/0)
[ 1618.566513][   T10] dvb-usb: error while querying for an remote control event.
[ 1618.710397][T11705] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[ 1618.731649][T11715] usb 5-1: USB disconnect, device number 51
[ 1618.755206][T11705] usb 3-1: device descriptor read/8, error -71
[ 1618.763284][T11720] usb 2-1: USB disconnect, device number 99
[ 1618.832336][T11720] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1619.071003][T11705] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[ 1619.123779][T11705] usb 3-1: device descriptor read/8, error -71
[ 1619.220473][T11720] usb 2-1: new high-speed USB device number 100 using dummy_hcd
[ 1619.235835][T11705] usb usb3-port1: unable to enumerate USB device
[ 1619.303730][T20410] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1619.321105][T20410] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1619.341769][T20410] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1619.362957][T20410] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1619.394577][T11720] usb 2-1: Using ep0 maxpacket: 16
[ 1619.414121][T11720] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1619.453500][T11720] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1619.487978][T11720] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1619.508371][T11720] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1619.531929][T11720] usb 2-1: Product: syz
[ 1619.543947][T11720] usb 2-1: Manufacturer: syz
[ 1619.557074][T11720] usb 2-1: SerialNumber: syz
[ 1620.013420][T20399] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1620.072626][T20412] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1620.082784][T20399] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1620.131468][T20412] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1620.216695][T11720] usb 2-1: 0:2 : does not exist
[ 1620.258227][T20412] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1620.332453][T20412] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1620.364349][T11720] usb 2-1: USB disconnect, device number 100
[ 1620.430067][T20412] netlink: 4400 bytes leftover after parsing attributes in process `syz.0.3653'.
[ 1620.521712][T20412] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[ 1620.547383][T20348] udevd[20348]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1620.582487][T20412] CPU: 1 UID: 0 PID: 20412 Comm: syz.0.3653 Not tainted syzkaller #0 PREEMPT(full) 
[ 1620.582533][T20412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1620.582548][T20412] Call Trace:
[ 1620.582557][T20412]  <TASK>
[ 1620.582567][T20412]  dump_stack_lvl+0x189/0x250
[ 1620.582623][T20412]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1620.582652][T20412]  ? __pfx__printk+0x10/0x10
[ 1620.582691][T20412]  ? kernfs_path_from_node+0x2f/0x290
[ 1620.582726][T20412]  ? kernfs_path_from_node+0x250/0x290
[ 1620.582750][T20412]  ? kernfs_path_from_node+0x2f/0x290
[ 1620.582781][T20412]  sysfs_warn_dup+0x8e/0xa0
[ 1620.582807][T20412]  sysfs_do_create_link_sd+0xc0/0x110
[ 1620.582836][T20412]  device_add_class_symlinks+0x1cf/0x240
[ 1620.582867][T20412]  device_add+0x475/0xb50
[ 1620.582897][T20412]  wiphy_register+0x1ba6/0x28d0
[ 1620.582950][T20412]  ? __pfx_wiphy_register+0x10/0x10
[ 1620.582983][T20412]  ? minstrel_ht_alloc+0x6dd/0x7e0
[ 1620.583025][T20412]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[ 1620.583056][T20412]  ieee80211_register_hw+0x3425/0x4080
[ 1620.583103][T20412]  ? ieee80211_register_hw+0x1451/0x4080
[ 1620.583150][T20412]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1620.583183][T20412]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1620.583224][T20412]  ? __hrtimer_setup+0x187/0x210
[ 1620.583246][T20412]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1620.583285][T20412]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[ 1620.583350][T20412]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1620.583379][T20412]  ? trace_kmalloc+0x1f/0xd0
[ 1620.583406][T20412]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[ 1620.583437][T20412]  ? kstrndup+0xbf/0x160
[ 1620.583477][T20412]  hwsim_new_radio_nl+0xea4/0x1b10
[ 1620.583512][T20412]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1620.583565][T20412]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1620.583612][T20412]  ? __nla_parse+0x40/0x60
[ 1620.583652][T20412]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1620.583692][T20412]  genl_family_rcv_msg_doit+0x212/0x300
[ 1620.583731][T20412]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1620.583775][T20412]  ? bpf_lsm_capable+0x9/0x20
[ 1620.583807][T20412]  ? security_capable+0x7e/0x2e0
[ 1620.583849][T20412]  genl_rcv_msg+0x60e/0x790
[ 1620.583885][T20412]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1620.583912][T20412]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1620.583960][T20412]  netlink_rcv_skb+0x208/0x470
[ 1620.583992][T20412]  ? __lock_acquire+0xab9/0xd20
[ 1620.584028][T20412]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1620.584056][T20412]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1620.584113][T20412]  ? down_read+0x1ad/0x2e0
[ 1620.584147][T20412]  genl_rcv+0x28/0x40
[ 1620.584172][T20412]  netlink_unicast+0x82f/0x9e0
[ 1620.584214][T20412]  ? __pfx_netlink_unicast+0x10/0x10
[ 1620.584248][T20412]  ? netlink_sendmsg+0x642/0xb30
[ 1620.584281][T20412]  ? skb_put+0x11b/0x210
[ 1620.584308][T20412]  netlink_sendmsg+0x805/0xb30
[ 1620.584355][T20412]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1620.584394][T20412]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1620.584419][T20412]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1620.584444][T20412]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1620.584482][T20412]  __sock_sendmsg+0x21c/0x270
[ 1620.584517][T20412]  ____sys_sendmsg+0x505/0x830
[ 1620.584547][T20412]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1620.584580][T20412]  ? import_iovec+0x74/0xa0
[ 1620.584613][T20412]  ___sys_sendmsg+0x21f/0x2a0
[ 1620.584641][T20412]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1620.584708][T20412]  ? __fget_files+0x2a/0x420
[ 1620.584744][T20412]  ? __fget_files+0x3a0/0x420
[ 1620.584792][T20412]  __x64_sys_sendmsg+0x19b/0x260
[ 1620.584822][T20412]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1620.584861][T20412]  ? rcu_is_watching+0x15/0xb0
[ 1620.584892][T20412]  ? do_syscall_64+0xbe/0x3b0
[ 1620.584933][T20412]  do_syscall_64+0xfa/0x3b0
[ 1620.584966][T20412]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1620.585000][T20412]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1620.585024][T20412]  ? clear_bhb_loop+0x60/0xb0
[ 1620.585054][T20412]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1620.585078][T20412] RIP: 0033:0x7fd6d038ebe9
[ 1620.585100][T20412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1620.585121][T20412] RSP: 002b:00007fd6d1205038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1620.585155][T20412] RAX: ffffffffffffffda RBX: 00007fd6d05b5fa0 RCX: 00007fd6d038ebe9
[ 1620.585173][T20412] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 000000000000000c
[ 1620.585189][T20412] RBP: 00007fd6d0411e19 R08: 0000000000000000 R09: 0000000000000000
[ 1620.585204][T20412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1620.585219][T20412] R13: 00007fd6d05b6038 R14: 00007fd6d05b5fa0 R15: 00007fd6d06dfa28
[ 1620.585255][T20412]  </TASK>
[ 1621.084500][T20417] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1621.128732][T20417] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1621.464809][T20432] fuse: Unknown parameter '0xffffffffffffffff'
[ 1621.815875][T20434] tipc: New replicast peer: 255.255.255.255
[ 1621.823474][T20434] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1621.842726][T20434] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3658'.
[ 1621.853315][T20434] tipc: Disabling bearer <udp:syz2>
[ 1622.424937][T11705] usb 5-1: new full-speed USB device number 52 using dummy_hcd
[ 1622.425100][T20441] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3661'.
[ 1622.671614][T20441] netlink: 'syz.3.3661': attribute type 30 has an invalid length.
[ 1622.807451][T11705] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1622.817781][T11705] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1622.919694][T11705] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1622.960034][T11705] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1623.011321][T11705] usb 5-1: config 0 descriptor??
[ 1623.052219][T11705] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1623.059219][T11705] dvb-usb: bulk message failed: -22 (3/0)
[ 1623.120767][T11705] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1623.237592][T11705] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1623.298104][T11705] usb 5-1: media controller created
[ 1623.308562][T11705] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1623.405454][T11705] dvb-usb: bulk message failed: -22 (6/0)
[ 1623.415218][T11705] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1623.550080][T11705] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input93
[ 1623.619233][T11705] dvb-usb: schedule remote query interval to 150 msecs.
[ 1623.685783][T11705] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1623.841421][   T10] dvb-usb: bulk message failed: -22 (1/0)
[ 1623.847224][   T10] dvb-usb: error while querying for an remote control event.
[ 1624.070603][T20458] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3666'.
[ 1624.080664][T11705] dvb-usb: bulk message failed: -22 (1/0)
[ 1624.086436][T11705] dvb-usb: error while querying for an remote control event.
[ 1624.099259][T11720] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[ 1624.163104][T20458] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3666'.
[ 1624.331164][T11705] dvb-usb: bulk message failed: -22 (1/0)
[ 1624.336965][T11705] dvb-usb: error while querying for an remote control event.
[ 1624.366524][T11720] usb 4-1: Using ep0 maxpacket: 32
[ 1624.413481][T11720] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1624.453256][T11720] usb 4-1: config 128 has an invalid interface number: 127 but max is 3
[ 1624.495275][T11720] usb 4-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[ 1624.530562][   T10] dvb-usb: bulk message failed: -22 (1/0)
[ 1624.536519][   T10] dvb-usb: error while querying for an remote control event.
[ 1624.567175][T11720] usb 4-1: config 128 has 1 interface, different from the descriptor's value: 4
[ 1624.589517][T11720] usb 4-1: config 128 has no interface number 0
[ 1624.609810][T11720] usb 4-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 1828, setting to 1024
[ 1624.650263][T11720] usb 4-1: config 128 interface 127 has no altsetting 0
[ 1624.650418][T11705] usb 2-1: new high-speed USB device number 101 using dummy_hcd
[ 1624.684996][T11720] usb 4-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[ 1624.704840][T11720] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1624.720491][   T10] dvb-usb: bulk message failed: -22 (1/0)
[ 1624.726302][   T10] dvb-usb: error while querying for an remote control event.
[ 1624.832690][T11720] usb 4-1: Product: syz
[ 1624.858092][T20467] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3669'.
[ 1624.868162][T11720] usb 4-1: Manufacturer: syz
[ 1624.878392][T11720] usb 4-1: SerialNumber: syz
[ 1624.892408][T11705] usb 2-1: Using ep0 maxpacket: 16
[ 1624.900405][   T10] dvb-usb: bulk message failed: -22 (1/0)
[ 1624.908540][T20454] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[ 1624.908918][   T10] dvb-usb: error while querying for an remote control event.
[ 1624.986415][T11705] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1625.019065][T11705] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1625.038944][T11705] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1625.040419][T11722] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[ 1625.068793][T11705] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1625.077917][T11705] usb 2-1: Product: syz
[ 1625.115861][T11705] usb 2-1: Manufacturer: syz
[ 1625.120620][T11705] usb 2-1: SerialNumber: syz
[ 1625.190581][   T10] dvb-usb: bulk message failed: -22 (1/0)
[ 1625.196387][   T10] dvb-usb: error while querying for an remote control event.
[ 1625.482944][T11722] usb 3-1: Using ep0 maxpacket: 32
[ 1625.506367][T11720] usb 4-1: USB disconnect, device number 85
[ 1625.524608][T11722] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[ 1625.563519][T11722] usb 3-1: config 0 has no interface number 0
[ 1625.596688][T20348] udevd[20348]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1625.613539][   T10] dvb-usb: bulk message failed: -22 (1/0)
[ 1625.619313][   T10] dvb-usb: error while querying for an remote control event.
[ 1625.640929][T11722] usb 3-1: config 0 interface 12 has no altsetting 0
[ 1625.714727][T11722] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 1625.740316][T11722] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1625.748415][T11722] usb 3-1: Product: syz
[ 1625.790480][   T10] dvb-usb: bulk message failed: -22 (1/0)
[ 1625.820554][   T10] dvb-usb: error while querying for an remote control event.
[ 1625.846656][T20461] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1625.865521][   T10] usb 5-1: USB disconnect, device number 52
[ 1625.901128][T20473] input: syz0 as /devices/virtual/input/input94
[ 1625.943418][T11722] usb 3-1: Manufacturer: syz
[ 1625.970727][T20461] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1626.064723][T11722] usb 3-1: SerialNumber: syz
[ 1626.083262][T11705] usb 2-1: 0:2 : does not exist
[ 1626.139780][   T10] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1626.154470][T11722] usb 3-1: config 0 descriptor??
[ 1626.308088][T20481] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3672'.
[ 1626.348472][T11705] usb 2-1: USB disconnect, device number 101
[ 1626.397275][T20481] netlink: 'syz.3.3672': attribute type 30 has an invalid length.
[ 1626.623404][T20348] udevd[20348]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1627.437549][ T5932] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[ 1627.920265][ T5932] usb 4-1: Using ep0 maxpacket: 8
[ 1627.968040][ T5932] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 1628.012009][ T5932] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1628.080806][ T5932] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1628.303888][ T5932] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1628.323943][T11722] f81534 3-1:0.12: f81534_set_register: reg: 1002 data: 3 failed: -32
[ 1628.380441][ T5932] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1628.413078][T11722] f81534 3-1:0.12: f81534_find_config_idx: read failed: -32
[ 1628.484141][T11722] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -32
[ 1628.530656][ T5932] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1628.615388][T11722] f81534 3-1:0.12: probe with driver f81534 failed with error -32
[ 1628.637963][ T5932] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1628.953164][ T5932] usb 4-1: usb_control_msg returned -32
[ 1628.993221][ T5932] usbtmc 4-1:16.0: can't read capabilities
[ 1629.622800][T11705] usb 3-1: USB disconnect, device number 69
[ 1629.692791][T20501] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3677'.
[ 1629.718674][T20501] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3677'.
[ 1629.758237][T20499] usbtmc 4-1:16.0: usb_clear_halt returned -32
[ 1629.976538][T11722] usb 4-1: USB disconnect, device number 86
[ 1630.134805][T20510] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3680'.
[ 1630.254343][T20513] binder: 20511:20513 unknown command 0
[ 1630.260164][T20513] binder: 20511:20513 ioctl c0306201 200000000080 returned -22
[ 1630.710464][T11720] usb 5-1: new full-speed USB device number 53 using dummy_hcd
[ 1630.834141][T20521] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3683'.
[ 1630.853738][T20521] netlink: 'syz.3.3683': attribute type 30 has an invalid length.
[ 1630.928669][T11720] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1630.941006][T11720] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1630.950057][T11720] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1630.952488][T20523] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1630.983223][T20523] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1631.053737][T11720] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1631.091624][T20523] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1631.115064][T11720] usb 5-1: config 0 descriptor??
[ 1631.172249][T20523] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1631.185882][T11720] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1631.200568][T11720] dvb-usb: bulk message failed: -22 (3/0)
[ 1631.217670][T11720] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1631.231091][T11720] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1631.238285][T11720] usb 5-1: media controller created
[ 1631.247791][T11720] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1631.462539][T11720] dvb-usb: bulk message failed: -22 (6/0)
[ 1631.510370][T11720] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1631.524286][T11720] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input96
[ 1631.556459][T11720] dvb-usb: schedule remote query interval to 150 msecs.
[ 1631.570343][T11720] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1631.689873][T20533] input: syz0 as /devices/virtual/input/input95
[ 1631.730292][ T5932] dvb-usb: bulk message failed: -22 (1/0)
[ 1631.736367][ T5932] dvb-usb: error while querying for an remote control event.
[ 1632.121310][T20538] binder: 20537:20538 ioctl c0306201 200000000080 returned -14
[ 1632.150926][T11720] dvb-usb: bulk message failed: -22 (1/0)
[ 1632.187780][T11720] dvb-usb: error while querying for an remote control event.
[ 1632.380411][T11720] dvb-usb: bulk message failed: -22 (1/0)
[ 1632.395935][T11720] dvb-usb: error while querying for an remote control event.
[ 1632.467475][T20541] fuse: Bad value for 'group_id'
[ 1632.476567][T20541] fuse: Bad value for 'group_id'
[ 1632.612346][T11720] dvb-usb: bulk message failed: -22 (1/0)
[ 1632.673641][T11720] dvb-usb: error while querying for an remote control event.
[ 1633.202768][T11720] dvb-usb: bulk message failed: -22 (1/0)
[ 1633.251471][T11720] dvb-usb: error while querying for an remote control event.
[ 1633.470264][ T5932] dvb-usb: bulk message failed: -22 (1/0)
[ 1633.476107][ T5932] dvb-usb: error while querying for an remote control event.
[ 1633.600089][T20547] sctp: [Deprecated]: syz.2.3690 (pid 20547) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1633.600089][T20547] Use struct sctp_sack_info instead
[ 1633.630916][T20547] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1633.745955][ T5932] dvb-usb: bulk message failed: -22 (1/0)
[ 1633.751848][ T5932] dvb-usb: error while querying for an remote control event.
[ 1633.915389][T20547] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1633.954220][ T5932] dvb-usb: bulk message failed: -22 (1/0)
[ 1633.960016][ T5932] dvb-usb: error while querying for an remote control event.
[ 1634.065952][T20554] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3691'.
[ 1634.114700][T20554] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3691'.
[ 1634.150354][ T5932] dvb-usb: bulk message failed: -22 (1/0)
[ 1634.156213][ T5932] dvb-usb: error while querying for an remote control event.
[ 1634.228927][T20556] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1634.330379][ T5932] dvb-usb: bulk message failed: -22 (1/0)
[ 1634.336396][ T5932] dvb-usb: error while querying for an remote control event.
[ 1634.500915][T13904] dvb-usb: bulk message failed: -22 (1/0)
[ 1634.506929][T13904] dvb-usb: error while querying for an remote control event.
[ 1634.687564][T13904] dvb-usb: bulk message failed: -22 (1/0)
[ 1634.696358][T13904] dvb-usb: error while querying for an remote control event.
[ 1634.870421][T13904] dvb-usb: bulk message failed: -22 (1/0)
[ 1634.911605][T13904] dvb-usb: error while querying for an remote control event.
[ 1635.133812][T13904] dvb-usb: bulk message failed: -22 (1/0)
[ 1635.139775][T13904] dvb-usb: error while querying for an remote control event.
[ 1635.300960][T13904] dvb-usb: bulk message failed: -22 (1/0)
[ 1635.358046][T13904] dvb-usb: error while querying for an remote control event.
[ 1635.390528][ T5932] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[ 1635.409618][T13904] usb 5-1: USB disconnect, device number 53
[ 1635.488541][T13904] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1635.571668][ T5932] usb 3-1: Using ep0 maxpacket: 8
[ 1635.584300][ T5932] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7
[ 1635.595977][ T5932] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[ 1635.605387][ T5932] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[ 1635.623622][ T5932] usb 3-1: Product: syz
[ 1635.773925][ T5932] usb 3-1: Manufacturer: syz
[ 1635.785542][ T5932] usb 3-1: SerialNumber: syz
[ 1635.815524][T20569] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1635.885600][T20570] CIFS: VFS: Malformed UNC in devname
[ 1636.830324][ T5932] usb 3-1: Invalid connection information received from device
[ 1637.028029][T11705] usb 3-1: USB disconnect, device number 70
[ 1637.889583][T20590] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3703'.
[ 1637.926347][T20593] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3704'.
[ 1637.962466][T20593] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3704'.
[ 1638.324735][T20598] sock: sock_timestamping_bind_phc: sock not bind to device
[ 1638.560449][T20374] usb 2-1: new high-speed USB device number 102 using dummy_hcd
[ 1638.686613][T11705] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[ 1638.714516][T20611] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1638.750574][T20374] usb 2-1: Using ep0 maxpacket: 16
[ 1638.773212][T20374] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1638.783874][T20374] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFC, changing to 0x8C
[ 1638.815954][T20374] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7
[ 1638.837262][T20374] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1638.856742][T11705] usb 4-1: Using ep0 maxpacket: 8
[ 1638.919221][T11705] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 1638.931189][T11705] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1638.944150][T20612] CIFS: VFS: Malformed UNC in devname
[ 1638.961295][ T5932] usb 3-1: new full-speed USB device number 71 using dummy_hcd
[ 1638.987840][T11705] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1639.006059][T20374] usb 2-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[ 1639.017610][T20374] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1639.200255][T20374] usb 2-1: Product: syz
[ 1639.292223][T11705] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1639.314215][T20374] usb 2-1: Manufacturer: syz
[ 1639.404894][T20374] usb 2-1: SerialNumber: syz
[ 1639.433333][T11705] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1639.460983][T20374] usb 2-1: config 0 descriptor??
[ 1639.495761][T11705] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1639.525306][T11705] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1639.544562][ T5932] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1639.580458][ T5932] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1639.670433][T20374] rc_core: IR keymap rc-xbox-dvd not found
[ 1639.676307][T20374] Registered IR keymap rc-empty
[ 1639.735337][T20374] rc rc0: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[ 1639.885132][T11705] usb 4-1: usb_control_msg returned -32
[ 1639.892925][T11705] usbtmc 4-1:16.0: can't read capabilities
[ 1639.902778][T20374] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input97
[ 1639.926483][ T5932] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1640.201487][ T5932] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1640.445127][ T5932] usb 3-1: config 0 descriptor??
[ 1640.609394][ T5932] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1640.677598][ T5932] dvb-usb: bulk message failed: -22 (3/0)
[ 1640.795245][ T5932] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1640.838509][ T5932] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1640.848202][ T5932] usb 3-1: media controller created
[ 1641.061685][ T5932] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1641.350980][ T5932] dvb-usb: bulk message failed: -22 (6/0)
[ 1641.372018][ T5932] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1641.494023][ T5932] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input98
[ 1641.603021][T20625] netlink: 'syz.0.3712': attribute type 11 has an invalid length.
[ 1641.701527][T20616] usbtmc 4-1:16.0: usb_control_msg returned -71
[ 1641.723661][T11705] usb 4-1: USB disconnect, device number 87
[ 1641.790952][ T5932] dvb-usb: schedule remote query interval to 150 msecs.
[ 1641.873037][ T5932] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1642.030376][T13904] dvb-usb: bulk message failed: -22 (1/0)
[ 1642.040714][T13904] dvb-usb: error while querying for an remote control event.
[ 1642.231920][T13904] dvb-usb: bulk message failed: -22 (1/0)
[ 1642.352193][T13904] dvb-usb: error while querying for an remote control event.
[ 1642.587456][T11705] usb 2-1: USB disconnect, device number 102
[ 1642.593615][    C0] xbox_remote 2-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19
[ 1642.606706][T13904] dvb-usb: bulk message failed: -22 (1/0)
[ 1642.656737][T13904] dvb-usb: error while querying for an remote control event.
[ 1642.876654][T13904] dvb-usb: bulk message failed: -22 (1/0)
[ 1642.899308][T13904] dvb-usb: error while querying for an remote control event.
[ 1643.123450][T20646] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1643.142417][T20646] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1643.260332][ T5932] dvb-usb: bulk message failed: -22 (1/0)
[ 1643.307888][ T5932] dvb-usb: error while querying for an remote control event.
[ 1643.430453][T11705] usb 2-1: new high-speed USB device number 103 using dummy_hcd
[ 1643.556483][T13904] dvb-usb: bulk message failed: -22 (1/0)
[ 1643.578696][T20651] netlink: 'syz.0.3721': attribute type 11 has an invalid length.
[ 1643.591901][T13904] dvb-usb: error while querying for an remote control event.
[ 1643.600497][T11705] usb 2-1: Using ep0 maxpacket: 16
[ 1643.610073][T11705] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1643.620820][T11705] usb 2-1: config 0 has no interfaces?
[ 1643.649067][T11705] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1643.659756][T11705] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1643.675844][T11705] usb 2-1: Manufacturer: syz
[ 1643.683939][T11705] usb 2-1: config 0 descriptor??
[ 1643.927268][ T5932] dvb-usb: bulk message failed: -22 (1/0)
[ 1643.938755][ T5932] dvb-usb: error while querying for an remote control event.
[ 1644.257095][ T5932] dvb-usb: bulk message failed: -22 (1/0)
[ 1644.266281][ T5932] dvb-usb: error while querying for an remote control event.
[ 1644.441723][ T5932] dvb-usb: bulk message failed: -22 (1/0)
[ 1644.449582][ T5932] dvb-usb: error while querying for an remote control event.
[ 1644.545580][T20374] usb 3-1: USB disconnect, device number 71
[ 1644.606714][T20374] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1644.739225][T20664] FAULT_INJECTION: forcing a failure.
[ 1644.739225][T20664] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1644.804136][T20664] CPU: 0 UID: 0 PID: 20664 Comm: syz.2.3726 Not tainted syzkaller #0 PREEMPT(full) 
[ 1644.804170][T20664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1644.804185][T20664] Call Trace:
[ 1644.804195][T20664]  <TASK>
[ 1644.804206][T20664]  dump_stack_lvl+0x189/0x250
[ 1644.804241][T20664]  ? __pfx____ratelimit+0x10/0x10
[ 1644.804275][T20664]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1644.804303][T20664]  ? __pfx__printk+0x10/0x10
[ 1644.804335][T20664]  ? __might_fault+0xb0/0x130
[ 1644.804380][T20664]  should_fail_ex+0x414/0x560
[ 1644.804417][T20664]  _copy_from_user+0x2d/0xb0
[ 1644.804453][T20664]  get_nodes+0x29c/0x390
[ 1644.804479][T20664]  ? __pfx_get_nodes+0x10/0x10
[ 1644.804513][T20664]  __se_sys_migrate_pages+0xc8/0x650
[ 1644.804549][T20664]  ? __pfx___se_sys_migrate_pages+0x10/0x10
[ 1644.804578][T20664]  ? rcu_is_watching+0x15/0xb0
[ 1644.804608][T20664]  ? do_syscall_64+0xbe/0x3b0
[ 1644.804647][T20664]  do_syscall_64+0xfa/0x3b0
[ 1644.804680][T20664]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1644.804712][T20664]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1644.804736][T20664]  ? clear_bhb_loop+0x60/0xb0
[ 1644.804763][T20664]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1644.804786][T20664] RIP: 0033:0x7fa3fcb8ebe9
[ 1644.804807][T20664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1644.804828][T20664] RSP: 002b:00007fa3fd948038 EFLAGS: 00000246 ORIG_RAX: 0000000000000100
[ 1644.804853][T20664] RAX: ffffffffffffffda RBX: 00007fa3fcdb5fa0 RCX: 00007fa3fcb8ebe9
[ 1644.804871][T20664] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000000
[ 1644.804885][T20664] RBP: 00007fa3fd948090 R08: 0000000000000000 R09: 0000000000000000
[ 1644.804901][T20664] R10: 0000200000000380 R11: 0000000000000246 R12: 0000000000000001
[ 1644.804917][T20664] R13: 00007fa3fcdb6038 R14: 00007fa3fcdb5fa0 R15: 00007fa3fcedfa28
[ 1644.804952][T20664]  </TASK>
[ 1645.410565][  T982] usb 4-1: new high-speed USB device number 88 using dummy_hcd
[ 1645.612717][  T982] usb 4-1: Using ep0 maxpacket: 16
[ 1645.629369][  T982] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1645.643894][  T982] usb 4-1: config 0 has no interfaces?
[ 1645.652802][  T982] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1645.666046][  T982] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1645.676914][  T982] usb 4-1: Manufacturer: syz
[ 1645.689408][  T982] usb 4-1: config 0 descriptor??
[ 1645.905972][T11705] usb 2-1: USB disconnect, device number 103
[ 1646.073212][T20675] kvm: requested 3352 ns i8254 timer period limited to 200000 ns
[ 1646.501704][T20680] netlink: 'syz.2.3729': attribute type 11 has an invalid length.
[ 1647.890466][  T982] usb 4-1: USB disconnect, device number 88
[ 1647.919647][T20684] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[ 1648.168855][T20686] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3731'.
[ 1648.252689][T20686] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3731'.
[ 1649.682999][  T982] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[ 1649.751054][T17593] usb 4-1: new full-speed USB device number 89 using dummy_hcd
[ 1649.842358][  T982] usb 3-1: Using ep0 maxpacket: 16
[ 1649.875214][  T982] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1649.921046][T17593] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1649.931797][T17593] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1649.979418][T17593] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1649.997995][  T982] usb 3-1: config 0 has no interfaces?
[ 1650.023861][T17593] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1650.024252][  T982] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1650.045559][  T982] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1650.069937][T17593] usb 4-1: config 0 descriptor??
[ 1650.093568][T17593] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1650.109956][T17593] dvb-usb: bulk message failed: -22 (3/0)
[ 1650.132834][T17593] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1650.164591][  T982] usb 3-1: Manufacturer: syz
[ 1650.195810][T17593] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1650.209845][  T982] usb 3-1: config 0 descriptor??
[ 1650.229198][T17593] usb 4-1: media controller created
[ 1650.245698][T17593] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1650.323406][T17593] dvb-usb: bulk message failed: -22 (6/0)
[ 1650.647064][T17593] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1653.002463][T17593] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input99
[ 1653.213831][T17593] dvb-usb: schedule remote query interval to 150 msecs.
[ 1653.361840][T17593] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1653.550650][T17593] dvb-usb: bulk message failed: -22 (1/0)
[ 1653.570553][T17593] dvb-usb: error while querying for an remote control event.
[ 1653.759430][T17593] dvb-usb: bulk message failed: -22 (1/0)
[ 1653.770250][T17593] dvb-usb: error while querying for an remote control event.
[ 1653.918130][T20726] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1654.020477][T17593] dvb-usb: bulk message failed: -22 (1/0)
[ 1654.026482][T17593] dvb-usb: error while querying for an remote control event.
[ 1654.327873][T17593] dvb-usb: bulk message failed: -22 (1/0)
[ 1654.337238][T17593] dvb-usb: error while querying for an remote control event.
[ 1654.367167][T20726] CIFS: VFS: Malformed UNC in devname
[ 1654.630487][T17593] dvb-usb: bulk message failed: -22 (1/0)
[ 1654.636313][T17593] dvb-usb: error while querying for an remote control event.
[ 1654.881015][T17593] dvb-usb: bulk message failed: -22 (1/0)
[ 1654.886831][T17593] dvb-usb: error while querying for an remote control event.
[ 1654.895071][  T982] usb 3-1: USB disconnect, device number 72
[ 1655.080685][T17593] dvb-usb: bulk message failed: -22 (1/0)
[ 1655.087138][T17593] dvb-usb: error while querying for an remote control event.
[ 1655.460502][  T982] dvb-usb: bulk message failed: -22 (1/0)
[ 1655.478428][  T982] dvb-usb: error while querying for an remote control event.
[ 1655.706007][T17593] usb 4-1: USB disconnect, device number 89
[ 1655.732590][T20744] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3746'.
[ 1655.750375][T11705] usb 2-1: new high-speed USB device number 104 using dummy_hcd
[ 1655.832071][T20744] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3746'.
[ 1655.932310][T11705] usb 2-1: Using ep0 maxpacket: 32
[ 1655.956100][T11705] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[ 1655.964406][T11705] usb 2-1: config 0 has no interface number 0
[ 1655.972945][T17593] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1656.013482][T11705] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1656.039163][T11705] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1656.090386][T11705] usb 2-1: Product: syz
[ 1656.101498][T11705] usb 2-1: Manufacturer: syz
[ 1656.133680][T11705] usb 2-1: SerialNumber: syz
[ 1656.172869][T11705] usb 2-1: config 0 descriptor??
[ 1656.186760][T11705] smsc95xx v2.0.0
[ 1656.470539][T17593] usb 4-1: new high-speed USB device number 90 using dummy_hcd
[ 1656.597371][T11705] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1656.631894][T11705] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1656.664136][T17593] usb 4-1: Using ep0 maxpacket: 16
[ 1656.679430][T17593] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1656.692124][T17593] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1656.715503][T17593] usb 4-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00
[ 1656.732306][T17593] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1656.763653][T17593] usb 4-1: config 0 descriptor??
[ 1656.910150][T20755] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1656.925299][T20755] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1657.192988][T17593] gt683r_led 0003:1770:FF00.0034: unbalanced delimiter at end of report description
[ 1657.229410][T17593] gt683r_led 0003:1770:FF00.0034: hid parsing failed
[ 1657.404570][T17593] gt683r_led 0003:1770:FF00.0034: probe with driver gt683r_led failed with error -22
[ 1657.960660][T17593] usb 4-1: USB disconnect, device number 90
[ 1658.111709][T13904] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[ 1658.270343][T13904] usb 3-1: Using ep0 maxpacket: 16
[ 1658.340757][T13904] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1658.381880][T13904] usb 3-1: config 0 has no interfaces?
[ 1658.538308][T11705] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[ 1658.550806][T11705] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71
[ 1658.636562][T13904] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1658.666388][T11705] usb 2-1: USB disconnect, device number 104
[ 1658.690381][T13904] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1658.729956][T13904] usb 3-1: Manufacturer: syz
[ 1658.822148][T13904] usb 3-1: config 0 descriptor??
[ 1659.478073][T20784] tipc: New replicast peer: 255.255.255.255
[ 1659.487993][T20784] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1659.498612][T20784] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3756'.
[ 1659.508480][T20784] tipc: Disabling bearer <udp:syz2>
[ 1661.914548][T13904] usb 3-1: USB disconnect, device number 73
[ 1662.242752][T20802] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1662.258648][T20802] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1662.278572][T20802] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1662.299558][T20802] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1662.324396][T20805] fanotify: failed to encode fid (type=0, len=0, err=-2)
[ 1662.434126][T20808] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3766'.
[ 1662.459951][T20808] FAULT_INJECTION: forcing a failure.
[ 1662.459951][T20808] name failslab, interval 1, probability 0, space 0, times 0
[ 1662.500968][T20808] CPU: 0 UID: 0 PID: 20808 Comm: syz.2.3766 Not tainted syzkaller #0 PREEMPT(full) 
[ 1662.500991][T20808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1662.501001][T20808] Call Trace:
[ 1662.501007][T20808]  <TASK>
[ 1662.501015][T20808]  dump_stack_lvl+0x189/0x250
[ 1662.501039][T20808]  ? __pfx____ratelimit+0x10/0x10
[ 1662.501063][T20808]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1662.501081][T20808]  ? __pfx__printk+0x10/0x10
[ 1662.501109][T20808]  ? __pfx___might_resched+0x10/0x10
[ 1662.501123][T20808]  ? fs_reclaim_acquire+0x7d/0x100
[ 1662.501151][T20808]  should_fail_ex+0x414/0x560
[ 1662.501177][T20808]  should_failslab+0xa8/0x100
[ 1662.501201][T20808]  __kmalloc_noprof+0xcb/0x4f0
[ 1662.501222][T20808]  ? kfree+0x4d/0x440
[ 1662.501239][T20808]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1662.501259][T20808]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1662.501277][T20808]  ? tomoyo_domain+0xd9/0x130
[ 1662.501298][T20808]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1662.501320][T20808]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1662.501344][T20808]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1662.501379][T20808]  ? __lock_acquire+0xab9/0xd20
[ 1662.501417][T20808]  ? __fget_files+0x2a/0x420
[ 1662.501443][T20808]  ? __fget_files+0x2a/0x420
[ 1662.501471][T20808]  ? __fget_files+0x3a0/0x420
[ 1662.501493][T20808]  ? __fget_files+0x2a/0x420
[ 1662.501520][T20808]  security_file_ioctl+0xcb/0x2d0
[ 1662.501543][T20808]  __se_sys_ioctl+0x47/0x170
[ 1662.501564][T20808]  do_syscall_64+0xfa/0x3b0
[ 1662.501587][T20808]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1662.501609][T20808]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1662.501624][T20808]  ? clear_bhb_loop+0x60/0xb0
[ 1662.501644][T20808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1662.501660][T20808] RIP: 0033:0x7fa3fcb8ebe9
[ 1662.501674][T20808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1662.501688][T20808] RSP: 002b:00007fa3fd948038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1662.501704][T20808] RAX: ffffffffffffffda RBX: 00007fa3fcdb5fa0 RCX: 00007fa3fcb8ebe9
[ 1662.501716][T20808] RDX: 0000200000000180 RSI: 0000000000008916 RDI: 0000000000000006
[ 1662.501727][T20808] RBP: 00007fa3fd948090 R08: 0000000000000000 R09: 0000000000000000
[ 1662.501737][T20808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1662.501746][T20808] R13: 00007fa3fcdb6038 R14: 00007fa3fcdb5fa0 R15: 00007fa3fcedfa28
[ 1662.501776][T20808]  </TASK>
[ 1662.501801][T20808] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1662.796479][T20810] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3767'.
[ 1662.977206][T20812] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3768'.
[ 1663.193198][T20818] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1663.590451][T11705] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[ 1663.740540][T11705] usb 5-1: Using ep0 maxpacket: 32
[ 1663.765039][T11705] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1663.776211][T11705] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1663.825555][T11705] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1664.130652][T11705] usb 5-1: config 1 has no interface number 0
[ 1664.176137][T11705] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1664.187726][T11705] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1664.201012][T11705] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1664.245939][T11705] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1664.258198][T11705] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1664.280369][T13904] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[ 1664.386141][T11705] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[ 1664.450648][T13904] usb 4-1: Using ep0 maxpacket: 16
[ 1664.508160][T13904] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1664.529875][T13904] usb 4-1: config 0 has no interfaces?
[ 1664.535535][T20839] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3775'.
[ 1664.700045][T13904] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1664.713675][T13904] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1664.723505][T13904] usb 4-1: Manufacturer: syz
[ 1664.739076][T13904] usb 4-1: config 0 descriptor??
[ 1664.941041][T20824] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1665.462552][T11705] snd_usb_pod 5-1:1.1: cannot start listening: -90
[ 1665.472250][T11705] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[ 1665.522981][T11705] snd_usb_pod 5-1:1.1: probe with driver snd_usb_pod failed with error -90
[ 1667.233635][ T5921] usb 5-1: USB disconnect, device number 54
[ 1667.388371][T13904] usb 4-1: USB disconnect, device number 91
[ 1668.228437][T20856] kvm: requested 3352 ns i8254 timer period limited to 200000 ns
[ 1668.729311][T20869] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1668.738787][T20869] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1669.491868][T20877] tipc: Cannot configure node identity twice
[ 1669.573422][   T30] audit: type=1326 audit(1755940552.708:2354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20880 comm="syz.1.3784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f844eb8ebe9 code=0x7ffc0000
[ 1669.679070][   T30] audit: type=1326 audit(1755940552.738:2355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20880 comm="syz.1.3784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f844eb8ebe9 code=0x7ffc0000
[ 1669.701658][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1669.860569][T11705] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[ 1669.996937][   T30] audit: type=1326 audit(1755940552.738:2356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20880 comm="syz.1.3784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f844eb8ebe9 code=0x7ffc0000
[ 1670.019454][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1670.068540][T11705] usb 3-1: Using ep0 maxpacket: 8
[ 1670.106707][   T30] audit: type=1326 audit(1755940552.738:2357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20880 comm="syz.1.3784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f844eb8ebe9 code=0x7ffc0000
[ 1670.144069][   T30] audit: type=1326 audit(1755940552.738:2358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20880 comm="syz.1.3784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f844eb8ebe9 code=0x7ffc0000
[ 1670.166538][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1670.235778][   T30] audit: type=1326 audit(1755940552.738:2359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20880 comm="syz.1.3784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f844eb8ebe9 code=0x7ffc0000
[ 1670.244205][T11705] usb 3-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 1670.503814][T20887] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1670.547360][T11705] usb 3-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[ 1670.568361][T20888] CIFS: VFS: Malformed UNC in devname
[ 1670.744402][T11705] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1670.758197][T11705] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1670.768623][T11705] usb 3-1: config 168 interface 0 altsetting 188 has 1 endpoint descriptor, different from the interface descriptor's value: 100
[ 1670.786766][T20890] netlink: 'syz.3.3787': attribute type 10 has an invalid length.
[ 1671.054216][   T30] audit: type=1326 audit(1755940552.748:2360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20880 comm="syz.1.3784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f844eb8ebe9 code=0x7ffc0000
[ 1671.177164][   T30] audit: type=1326 audit(1755940552.748:2361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20880 comm="syz.1.3784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f844eb8ebe9 code=0x7ffc0000
[ 1671.199803][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1671.240734][T20890] veth1_vlan: entered allmulticast mode
[ 1671.404890][T20890] veth1_vlan: left promiscuous mode
[ 1671.410274][T11705] usb 3-1: config 168 interface 0 has no altsetting 0
[ 1671.501064][T11705] usb 3-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 1671.518095][T20890] team0: Device veth1_vlan failed to register rx_handler
[ 1671.520080][T11705] usb 3-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[ 1671.525879][   T30] audit: type=1326 audit(1755940552.748:2362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20880 comm="syz.1.3784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f844eb8d550 code=0x7ffc0000
[ 1671.570341][   T30] audit: type=1326 audit(1755940552.748:2363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20880 comm="syz.1.3784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f844eb8ebe9 code=0x7ffc0000
[ 1671.649716][T11705] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1671.730343][T11705] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1671.810030][T11705] usb 3-1: config 168 interface 0 altsetting 188 has 1 endpoint descriptor, different from the interface descriptor's value: 100
[ 1671.912263][T11705] usb 3-1: config 168 interface 0 has no altsetting 0
[ 1671.926274][T11705] usb 3-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 1671.940251][T11705] usb 3-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[ 1671.967648][T11705] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1672.301847][T11705] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1672.312439][T11705] usb 3-1: config 168 interface 0 altsetting 188 has 1 endpoint descriptor, different from the interface descriptor's value: 100
[ 1672.326064][T11705] usb 3-1: config 168 interface 0 has no altsetting 0
[ 1672.334934][T11705] usb 3-1: string descriptor 0 read error: -71
[ 1672.341566][T11705] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1672.351190][T11705] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1672.370515][T11705] usb 3-1: can't set config #168, error -71
[ 1672.467843][T17593] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[ 1672.996688][T17593] usb 5-1: Using ep0 maxpacket: 16
[ 1673.113434][T17593] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1673.237804][T20917] binder: 20916:20917 unknown command 0
[ 1673.264428][T20917] binder: 20916:20917 ioctl c0306201 200000000080 returned -22
[ 1673.522244][T11705] usb 3-1: USB disconnect, device number 74
[ 1673.540406][T17593] usb 5-1: config 0 has no interfaces?
[ 1673.580499][T17593] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1673.603046][T17593] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1673.636839][T17593] usb 5-1: Manufacturer: syz
[ 1673.657621][T20923] FAULT_INJECTION: forcing a failure.
[ 1673.657621][T20923] name failslab, interval 1, probability 0, space 0, times 0
[ 1673.683159][T17593] usb 5-1: config 0 descriptor??
[ 1673.702172][T20923] CPU: 1 UID: 0 PID: 20923 Comm: syz.0.3795 Not tainted syzkaller #0 PREEMPT(full) 
[ 1673.702195][T20923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1673.702206][T20923] Call Trace:
[ 1673.702214][T20923]  <TASK>
[ 1673.702222][T20923]  dump_stack_lvl+0x189/0x250
[ 1673.702246][T20923]  ? __pfx____ratelimit+0x10/0x10
[ 1673.702270][T20923]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1673.702289][T20923]  ? __pfx__printk+0x10/0x10
[ 1673.702316][T20923]  ? __pfx___might_resched+0x10/0x10
[ 1673.702331][T20923]  ? fs_reclaim_acquire+0x7d/0x100
[ 1673.702360][T20923]  should_fail_ex+0x414/0x560
[ 1673.702385][T20923]  should_failslab+0xa8/0x100
[ 1673.702410][T20923]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1673.702432][T20923]  ? rtnl_newlink+0xed/0x1c70
[ 1673.702459][T20923]  rtnl_newlink+0xed/0x1c70
[ 1673.702493][T20923]  ? __lock_acquire+0xab9/0xd20
[ 1673.702526][T20923]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1673.702560][T20923]  ? is_bpf_text_address+0x26/0x2b0
[ 1673.702589][T20923]  ? __lock_acquire+0xab9/0xd20
[ 1673.702622][T20923]  ? __lock_acquire+0xab9/0xd20
[ 1673.702660][T20923]  ? is_bpf_text_address+0x26/0x2b0
[ 1673.702687][T20923]  ? is_bpf_text_address+0x292/0x2b0
[ 1673.702710][T20923]  ? is_bpf_text_address+0x26/0x2b0
[ 1673.702740][T20923]  ? __lock_acquire+0xab9/0xd20
[ 1673.702781][T20923]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1673.702804][T20923]  rtnetlink_rcv_msg+0x7cf/0xb70
[ 1673.702827][T20923]  ? __lock_acquire+0xab9/0xd20
[ 1673.702883][T20923]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1673.702920][T20923]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1673.702973][T20923]  netlink_rcv_skb+0x208/0x470
[ 1673.703004][T20923]  ? __lock_acquire+0xab9/0xd20
[ 1673.703036][T20923]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1673.703070][T20923]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1673.703113][T20923]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1673.703156][T20923]  netlink_unicast+0x82f/0x9e0
[ 1673.703197][T20923]  ? __pfx_netlink_unicast+0x10/0x10
[ 1673.703229][T20923]  ? netlink_sendmsg+0x642/0xb30
[ 1673.703261][T20923]  ? skb_put+0x11b/0x210
[ 1673.703286][T20923]  netlink_sendmsg+0x805/0xb30
[ 1673.703331][T20923]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1673.703369][T20923]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1673.703393][T20923]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1673.703418][T20923]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1673.703453][T20923]  __sock_sendmsg+0x21c/0x270
[ 1673.703485][T20923]  ____sys_sendmsg+0x505/0x830
[ 1673.703517][T20923]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1673.703552][T20923]  ? import_iovec+0x74/0xa0
[ 1673.703583][T20923]  ___sys_sendmsg+0x21f/0x2a0
[ 1673.703611][T20923]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1673.703674][T20923]  ? __fget_files+0x2a/0x420
[ 1673.703708][T20923]  ? __fget_files+0x3a0/0x420
[ 1673.703753][T20923]  __x64_sys_sendmsg+0x19b/0x260
[ 1673.703781][T20923]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1673.703817][T20923]  ? __pfx_ksys_write+0x10/0x10
[ 1673.703844][T20923]  ? rcu_is_watching+0x15/0xb0
[ 1673.703882][T20923]  ? do_syscall_64+0xbe/0x3b0
[ 1673.703920][T20923]  do_syscall_64+0xfa/0x3b0
[ 1673.703952][T20923]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1673.703983][T20923]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1673.704014][T20923]  ? clear_bhb_loop+0x60/0xb0
[ 1673.704042][T20923]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1673.704064][T20923] RIP: 0033:0x7fd6d038ebe9
[ 1673.704084][T20923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1673.704103][T20923] RSP: 002b:00007fd6d1205038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1673.704126][T20923] RAX: ffffffffffffffda RBX: 00007fd6d05b5fa0 RCX: 00007fd6d038ebe9
[ 1673.704143][T20923] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[ 1673.704157][T20923] RBP: 00007fd6d1205090 R08: 0000000000000000 R09: 0000000000000000
[ 1673.704169][T20923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1673.704179][T20923] R13: 00007fd6d05b6038 R14: 00007fd6d05b5fa0 R15: 00007fd6d06dfa28
[ 1673.704203][T20923]  </TASK>
[ 1674.095042][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1674.476223][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 1674.490903][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 1676.033944][T17593] usb 5-1: USB disconnect, device number 55
[ 1676.121450][T20944] netlink: 'syz.0.3802': attribute type 10 has an invalid length.
[ 1676.158768][T20944] 8021q: adding VLAN 0 to HW filter on device team0
[ 1676.237817][T20944] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1677.268405][T20978] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1677.360075][T20979] CIFS: VFS: Malformed UNC in devname
[ 1679.840494][T11705] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[ 1680.013009][T11705] usb 5-1: Using ep0 maxpacket: 16
[ 1680.099482][T11705] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1680.114854][T11705] usb 5-1: config 0 has no interfaces?
[ 1680.124326][T11705] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1680.139067][T11705] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1680.147501][T11705] usb 5-1: Manufacturer: syz
[ 1680.234645][T11705] usb 5-1: config 0 descriptor??
[ 1680.488091][T21003] input: syz0 as /devices/virtual/input/input100
[ 1680.504771][  T982] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[ 1680.781062][  T982] usb 3-1: Using ep0 maxpacket: 16
[ 1680.788518][  T982] usb 3-1: config 1 interface 0 altsetting 4 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1680.799016][  T982] usb 3-1: config 1 interface 0 altsetting 4 bulk endpoint 0x82 has invalid maxpacket 0
[ 1680.817592][  T982] usb 3-1: config 1 interface 0 altsetting 4 bulk endpoint 0x3 has invalid maxpacket 16
[ 1680.858040][  T982] usb 3-1: config 1 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1680.909215][  T982] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1680.922257][  T982] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1680.934047][  T982] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1680.947106][  T982] usb 3-1: Product: syz
[ 1680.961206][  T982] usb 3-1: Manufacturer: syz
[ 1680.969540][  T982] usb 3-1: SerialNumber: syz
[ 1680.999974][T21000] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[ 1681.218199][T21000] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1681.259589][T21000] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1681.361656][T21000] netlink: 4400 bytes leftover after parsing attributes in process `syz.2.3817'.
[ 1681.440647][T21011] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1681.491441][T21000] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[ 1681.579709][T21011] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1681.628090][T21000] CPU: 1 UID: 0 PID: 21000 Comm: syz.2.3817 Not tainted syzkaller #0 PREEMPT(full) 
[ 1681.628124][T21000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1681.628139][T21000] Call Trace:
[ 1681.628149][T21000]  <TASK>
[ 1681.628175][T21000]  dump_stack_lvl+0x189/0x250
[ 1681.628226][T21000]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1681.628256][T21000]  ? __pfx__printk+0x10/0x10
[ 1681.628296][T21000]  ? kernfs_path_from_node+0x2f/0x290
[ 1681.628321][T21000]  ? kernfs_path_from_node+0x250/0x290
[ 1681.628346][T21000]  ? kernfs_path_from_node+0x2f/0x290
[ 1681.628377][T21000]  sysfs_warn_dup+0x8e/0xa0
[ 1681.628404][T21000]  sysfs_do_create_link_sd+0xc0/0x110
[ 1681.628433][T21000]  device_add_class_symlinks+0x1cf/0x240
[ 1681.628464][T21000]  device_add+0x475/0xb50
[ 1681.628495][T21000]  wiphy_register+0x1ba6/0x28d0
[ 1681.628550][T21000]  ? __pfx_wiphy_register+0x10/0x10
[ 1681.628584][T21000]  ? minstrel_ht_alloc+0x6dd/0x7e0
[ 1681.628618][T21000]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[ 1681.628649][T21000]  ieee80211_register_hw+0x3425/0x4080
[ 1681.628696][T21000]  ? ieee80211_register_hw+0x1451/0x4080
[ 1681.628734][T21000]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1681.628768][T21000]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1681.628811][T21000]  ? __hrtimer_setup+0x187/0x210
[ 1681.628833][T21000]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1681.628877][T21000]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[ 1681.628944][T21000]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1681.628982][T21000]  ? trace_kmalloc+0x1f/0xd0
[ 1681.629011][T21000]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[ 1681.629045][T21000]  ? kstrndup+0xbf/0x160
[ 1681.629082][T21000]  hwsim_new_radio_nl+0xea4/0x1b10
[ 1681.629117][T21000]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1681.629172][T21000]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1681.629227][T21000]  ? __nla_parse+0x40/0x60
[ 1681.629269][T21000]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1681.629310][T21000]  genl_family_rcv_msg_doit+0x212/0x300
[ 1681.629348][T21000]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1681.629393][T21000]  ? bpf_lsm_capable+0x9/0x20
[ 1681.629425][T21000]  ? security_capable+0x7e/0x2e0
[ 1681.629468][T21000]  genl_rcv_msg+0x60e/0x790
[ 1681.629505][T21000]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1681.629531][T21000]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1681.629564][T21000]  ? __asan_memcpy+0x40/0x70
[ 1681.629591][T21000]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1681.629634][T21000]  netlink_rcv_skb+0x208/0x470
[ 1681.629667][T21000]  ? __lock_acquire+0xab9/0xd20
[ 1681.629702][T21000]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1681.629731][T21000]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1681.629790][T21000]  ? down_read+0x1ad/0x2e0
[ 1681.629815][T21000]  genl_rcv+0x28/0x40
[ 1681.629840][T21000]  netlink_unicast+0x82f/0x9e0
[ 1681.629882][T21000]  ? __pfx_netlink_unicast+0x10/0x10
[ 1681.629916][T21000]  ? netlink_sendmsg+0x642/0xb30
[ 1681.629950][T21000]  ? skb_put+0x11b/0x210
[ 1681.629977][T21000]  netlink_sendmsg+0x805/0xb30
[ 1681.630023][T21000]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1681.630064][T21000]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1681.630089][T21000]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1681.630114][T21000]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1681.630151][T21000]  __sock_sendmsg+0x21c/0x270
[ 1681.630183][T21000]  ____sys_sendmsg+0x505/0x830
[ 1681.630268][T21000]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1681.630304][T21000]  ? import_iovec+0x74/0xa0
[ 1681.630335][T21000]  ___sys_sendmsg+0x21f/0x2a0
[ 1681.630363][T21000]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1681.630430][T21000]  ? __fget_files+0x2a/0x420
[ 1681.630471][T21000]  ? __fget_files+0x3a0/0x420
[ 1681.630520][T21000]  __x64_sys_sendmsg+0x19b/0x260
[ 1681.630549][T21000]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1681.630587][T21000]  ? rcu_is_watching+0x15/0xb0
[ 1681.630618][T21000]  ? do_syscall_64+0xbe/0x3b0
[ 1681.630664][T21000]  do_syscall_64+0xfa/0x3b0
[ 1681.630703][T21000]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1681.630736][T21000]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1681.630761][T21000]  ? clear_bhb_loop+0x60/0xb0
[ 1681.630998][T21000]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1681.631042][T21000] RIP: 0033:0x7fa3fcb8ebe9
[ 1681.631077][T21000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1681.631102][T21000] RSP: 002b:00007fa3fd948038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1681.631133][T21000] RAX: ffffffffffffffda RBX: 00007fa3fcdb5fa0 RCX: 00007fa3fcb8ebe9
[ 1681.631157][T21000] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 000000000000000c
[ 1681.631180][T21000] RBP: 00007fa3fcc11e19 R08: 0000000000000000 R09: 0000000000000000
[ 1681.631198][T21000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1681.631215][T21000] R13: 00007fa3fcdb6038 R14: 00007fa3fcdb5fa0 R15: 00007fa3fcedfa28
[ 1681.631254][T21000]  </TASK>
[ 1682.163643][T21005] syz.1.3819 (21005): drop_caches: 2
[ 1682.603273][  T982] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[ 1682.754565][  T982] usb 3-1: USB disconnect, device number 75
[ 1683.027814][T17708] cgroup: fork rejected by pids controller in /syz1
[ 1683.578329][T11705] usb 5-1: USB disconnect, device number 56
[ 1683.972037][T21026] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3827'.
[ 1684.658989][T13660] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1684.674044][T13660] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1684.685737][T13660] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1684.697267][T13660] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1684.707586][T13660] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1685.568668][T21042] chnl_net:caif_netlink_parms(): no params data found
[ 1686.022838][T21042] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1686.032469][T21042] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1686.039801][T21042] bridge_slave_0: entered allmulticast mode
[ 1686.157432][T21086] input: syz0 as /devices/virtual/input/input101
[ 1686.215575][T21042] bridge_slave_0: entered promiscuous mode
[ 1686.275137][T21042] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1686.386546][T21042] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1686.390515][  T982] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[ 1686.397573][T21042] bridge_slave_1: entered allmulticast mode
[ 1686.409549][T21042] bridge_slave_1: entered promiscuous mode
[ 1686.618841][  T982] usb 3-1: Using ep0 maxpacket: 16
[ 1686.639431][  T982] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1686.651248][  T982] usb 3-1: config 0 has no interfaces?
[ 1686.692713][  T982] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1686.735420][  T982] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1686.747662][  T982] usb 3-1: Manufacturer: syz
[ 1686.761672][T13660] Bluetooth: hci1: command tx timeout
[ 1686.775448][  T982] usb 3-1: config 0 descriptor??
[ 1686.803218][T21042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1686.816405][T21042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1687.092961][T21042] team0: Port device team_slave_0 added
[ 1687.119520][T21042] team0: Port device team_slave_1 added
[ 1687.256450][T21098] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3852'.
[ 1687.281846][T21042] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1687.303746][T21042] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1687.417652][T21042] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1687.500882][T21042] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1687.559133][T21042] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1687.613307][T21100] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3854'.
[ 1687.680057][T21042] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1688.145335][T21042] hsr_slave_0: entered promiscuous mode
[ 1688.169035][T21042] hsr_slave_1: entered promiscuous mode
[ 1688.660516][T11722] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[ 1688.820436][T11722] usb 5-1: Using ep0 maxpacket: 16
[ 1688.846531][T13660] Bluetooth: hci1: command tx timeout
[ 1688.857429][T11722] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1688.864031][  T982] usb 3-1: USB disconnect, device number 76
[ 1688.875186][T11722] usb 5-1: config 0 has no interfaces?
[ 1688.927233][T11722] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1688.949839][T11722] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1688.962911][T11722] usb 5-1: Manufacturer: syz
[ 1689.008482][T11722] usb 5-1: config 0 descriptor??
[ 1689.238210][T21116] CIFS: VFS: Malformed UNC in devname
[ 1691.039933][T13660] Bluetooth: hci1: command tx timeout
[ 1691.861818][T21042] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1692.854570][T21042] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1692.889151][T21122] netlink: 84 bytes leftover after parsing attributes in process `syz.3.3859'.
[ 1693.022203][T21122] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1693.260746][T13660] Bluetooth: hci1: command tx timeout
[ 1693.672338][T21042] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1693.825842][T11722] usb 5-1: USB disconnect, device number 57
[ 1693.957264][T21136] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1693.991119][T21136] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1694.049727][T21140] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3865'.
[ 1694.063323][T21042] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1694.226413][T21143] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[ 1694.355900][T21042] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1694.376141][T21042] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1694.399715][T21042] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1694.410370][T11705] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[ 1694.445010][T21042] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1694.580496][T11705] usb 5-1: Using ep0 maxpacket: 16
[ 1694.596617][T11705] usb 5-1: config 1 interface 0 altsetting 4 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1694.620366][T11705] usb 5-1: config 1 interface 0 altsetting 4 bulk endpoint 0x82 has invalid maxpacket 0
[ 1694.650365][T11705] usb 5-1: config 1 interface 0 altsetting 4 bulk endpoint 0x3 has invalid maxpacket 16
[ 1694.687200][T21042] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1694.694567][T11705] usb 5-1: config 1 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1694.727989][T11705] usb 5-1: config 1 interface 0 has no altsetting 0
[ 1694.751642][T11705] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1694.767559][T21042] 8021q: adding VLAN 0 to HW filter on device team0
[ 1694.781083][T11705] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1694.801600][T11705] usb 5-1: Product: syz
[ 1694.805852][T11705] usb 5-1: Manufacturer: syz
[ 1694.831548][T11705] usb 5-1: SerialNumber: syz
[ 1694.860857][   T74] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1694.862480][T21144] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[ 1694.868327][   T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1695.484657][   T74] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1695.491986][   T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1695.493970][T21144] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1695.610721][T21144] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1695.853288][T20374] hid-generic 0009:0008:0002.0035: item fetching failed at offset 1/90
[ 1695.876334][T20374] hid-generic 0009:0008:0002.0035: probe with driver hid-generic failed with error -22
[ 1695.898005][T21144] netlink: 4400 bytes leftover after parsing attributes in process `syz.4.3867'.
[ 1695.958093][T21159] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1696.030056][T21144] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[ 1696.035957][T21159] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1696.057453][T21144] CPU: 1 UID: 0 PID: 21144 Comm: syz.4.3867 Not tainted syzkaller #0 PREEMPT(full) 
[ 1696.057487][T21144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1696.057503][T21144] Call Trace:
[ 1696.057514][T21144]  <TASK>
[ 1696.057525][T21144]  dump_stack_lvl+0x189/0x250
[ 1696.057565][T21144]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1696.057595][T21144]  ? __pfx__printk+0x10/0x10
[ 1696.057636][T21144]  ? kernfs_path_from_node+0x2f/0x290
[ 1696.057664][T21144]  ? kernfs_path_from_node+0x250/0x290
[ 1696.057702][T21144]  ? kernfs_path_from_node+0x2f/0x290
[ 1696.057731][T21144]  sysfs_warn_dup+0x8e/0xa0
[ 1696.057754][T21144]  sysfs_do_create_link_sd+0xc0/0x110
[ 1696.057782][T21144]  device_add_class_symlinks+0x1cf/0x240
[ 1696.057812][T21144]  device_add+0x475/0xb50
[ 1696.057841][T21144]  wiphy_register+0x1ba6/0x28d0
[ 1696.057894][T21144]  ? __pfx_wiphy_register+0x10/0x10
[ 1696.057926][T21144]  ? minstrel_ht_alloc+0x6dd/0x7e0
[ 1696.057960][T21144]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[ 1696.057990][T21144]  ieee80211_register_hw+0x3425/0x4080
[ 1696.058059][T21144]  ? ieee80211_register_hw+0x1451/0x4080
[ 1696.058098][T21144]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1696.058130][T21144]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1696.058172][T21144]  ? __hrtimer_setup+0x187/0x210
[ 1696.058194][T21144]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1696.058233][T21144]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[ 1696.058300][T21144]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1696.058330][T21144]  ? trace_kmalloc+0x1f/0xd0
[ 1696.058359][T21144]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[ 1696.058393][T21144]  ? kstrndup+0xbf/0x160
[ 1696.058429][T21144]  hwsim_new_radio_nl+0xea4/0x1b10
[ 1696.058463][T21144]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1696.058517][T21144]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1696.058564][T21144]  ? __nla_parse+0x40/0x60
[ 1696.058605][T21144]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1696.058645][T21144]  genl_family_rcv_msg_doit+0x212/0x300
[ 1696.058687][T21144]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1696.058732][T21144]  ? bpf_lsm_capable+0x9/0x20
[ 1696.058764][T21144]  ? security_capable+0x7e/0x2e0
[ 1696.058808][T21144]  genl_rcv_msg+0x60e/0x790
[ 1696.058843][T21144]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1696.058870][T21144]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1696.058902][T21144]  ? __asan_memcpy+0x40/0x70
[ 1696.058929][T21144]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1696.058973][T21144]  netlink_rcv_skb+0x208/0x470
[ 1696.059006][T21144]  ? __lock_acquire+0xab9/0xd20
[ 1696.059041][T21144]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1696.059082][T21144]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1696.059140][T21144]  ? down_read+0x1ad/0x2e0
[ 1696.059166][T21144]  genl_rcv+0x28/0x40
[ 1696.059191][T21144]  netlink_unicast+0x82f/0x9e0
[ 1696.059235][T21144]  ? __pfx_netlink_unicast+0x10/0x10
[ 1696.059270][T21144]  ? netlink_sendmsg+0x642/0xb30
[ 1696.059303][T21144]  ? skb_put+0x11b/0x210
[ 1696.059331][T21144]  netlink_sendmsg+0x805/0xb30
[ 1696.059379][T21144]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1696.059419][T21144]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1696.059444][T21144]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1696.059469][T21144]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1696.059507][T21144]  __sock_sendmsg+0x21c/0x270
[ 1696.059543][T21144]  ____sys_sendmsg+0x505/0x830
[ 1696.059575][T21144]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1696.059611][T21144]  ? import_iovec+0x74/0xa0
[ 1696.059643][T21144]  ___sys_sendmsg+0x21f/0x2a0
[ 1696.059672][T21144]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1696.059741][T21144]  ? __fget_files+0x2a/0x420
[ 1696.059776][T21144]  ? __fget_files+0x3a0/0x420
[ 1696.059825][T21144]  __x64_sys_sendmsg+0x19b/0x260
[ 1696.059854][T21144]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1696.059891][T21144]  ? rcu_is_watching+0x15/0xb0
[ 1696.059922][T21144]  ? do_syscall_64+0xbe/0x3b0
[ 1696.059963][T21144]  do_syscall_64+0xfa/0x3b0
[ 1696.059996][T21144]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1696.060030][T21144]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1696.060060][T21144]  ? clear_bhb_loop+0x60/0xb0
[ 1696.060090][T21144]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1696.060114][T21144] RIP: 0033:0x7f9a9bf8ebe9
[ 1696.060135][T21144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1696.060156][T21144] RSP: 002b:00007f9a9ce15038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1696.060179][T21144] RAX: ffffffffffffffda RBX: 00007f9a9c1b5fa0 RCX: 00007f9a9bf8ebe9
[ 1696.060197][T21144] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 000000000000000c
[ 1696.060211][T21144] RBP: 00007f9a9c011e19 R08: 0000000000000000 R09: 0000000000000000
[ 1696.060226][T21144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1696.060240][T21144] R13: 00007f9a9c1b6038 R14: 00007f9a9c1b5fa0 R15: 00007f9a9c2dfa28
[ 1696.060277][T21144]  </TASK>
[ 1696.525508][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1696.625207][T21042] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1696.672294][T21042] veth0_vlan: entered promiscuous mode
[ 1696.685238][T21042] veth1_vlan: entered promiscuous mode
[ 1696.716058][T21042] veth0_macvtap: entered promiscuous mode
[ 1696.727529][T21042] veth1_macvtap: entered promiscuous mode
[ 1696.748252][T21042] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1696.760458][T21042] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1696.949855][ T1114] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1697.090357][ T1114] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1697.160750][T11722] usb 3-1: new full-speed USB device number 77 using dummy_hcd
[ 1697.162022][T11705] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[ 1697.179775][ T1114] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1697.216724][T11705] usb 5-1: USB disconnect, device number 58
[ 1697.278390][ T1114] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1697.314513][T11722] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1697.336910][T11722] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1697.349204][ T9890] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1697.387454][ T9890] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1697.408203][T11722] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 1697.429663][T11722] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1697.493823][T11722] usb 3-1: config 0 descriptor??
[ 1697.537622][   T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1697.567590][   T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1697.800391][T11705] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[ 1697.934804][T11722] savu 0003:1E7D:2D5A.0036: global environment stack underflow
[ 1697.951869][T11722] savu 0003:1E7D:2D5A.0036: item 0 4 1 11 parsing failed
[ 1697.967030][T11705] usb 4-1: Using ep0 maxpacket: 16
[ 1697.982144][T11705] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1697.992959][T11705] usb 4-1: config 0 has no interfaces?
[ 1698.004566][T11705] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1698.011176][T11722] savu 0003:1E7D:2D5A.0036: parse failed
[ 1698.019446][T11705] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1698.029667][T11722] savu 0003:1E7D:2D5A.0036: probe with driver savu failed with error -22
[ 1698.042987][T11705] usb 4-1: Manufacturer: syz
[ 1698.082936][T11705] usb 4-1: config 0 descriptor??
[ 1698.119484][   T10] usb 3-1: USB disconnect, device number 77
[ 1698.455744][T21183] netlink: 76 bytes leftover after parsing attributes in process `syz.1.3875'.
[ 1698.601103][T11722] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[ 1698.760764][T11722] usb 5-1: Using ep0 maxpacket: 16
[ 1699.426032][T11722] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1699.437284][T11722] usb 5-1: config 0 has no interfaces?
[ 1699.457720][T21193] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3878'.
[ 1699.490900][ T5921] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[ 1699.517839][T11722] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1699.530630][T11722] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1699.546792][T11722] usb 5-1: Manufacturer: syz
[ 1699.575460][T11722] usb 5-1: config 0 descriptor??
[ 1699.700622][ T5921] usb 3-1: Using ep0 maxpacket: 16
[ 1699.720784][ T5921] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1699.739200][ T5921] usb 3-1: config 0 has no interfaces?
[ 1699.758956][ T5921] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1699.784289][ T5921] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1700.008042][ T5921] usb 3-1: Manufacturer: syz
[ 1700.272669][T11705] usb 4-1: USB disconnect, device number 92
[ 1700.295784][ T5921] usb 3-1: config 0 descriptor??
[ 1700.422043][T21197] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3879'.
[ 1700.451793][T21197] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3879'.
[ 1701.371746][T11705] usb 2-1: new high-speed USB device number 105 using dummy_hcd
[ 1701.693218][T11705] usb 2-1: config 0 has an invalid interface number: 145 but max is 0
[ 1701.701842][T11705] usb 2-1: config 0 has no interface number 0
[ 1701.823153][T11705] usb 2-1: New USB device found, idVendor=d0fb, idProduct=c258, bcdDevice=b9.74
[ 1701.854601][T21203] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1701.866345][T11705] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1701.896009][T11705] usb 2-1: Product: syz
[ 1701.977708][T11705] usb 2-1: Manufacturer: syz
[ 1702.096703][T11705] usb 2-1: SerialNumber: syz
[ 1702.130740][T21205] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3882'.
[ 1702.147654][T11705] usb 2-1: config 0 descriptor??
[ 1702.215950][T11705] usb 2-1: bad CDC descriptors
[ 1702.425718][T11705] usb 2-1: USB disconnect, device number 105
[ 1702.455892][T21211] fuse: Bad value for 'fd'
[ 1703.279804][T11722] usb 5-1: USB disconnect, device number 59
[ 1704.631661][ T5921] usb 3-1: USB disconnect, device number 78
[ 1704.734626][T13904] usb 4-1: new high-speed USB device number 93 using dummy_hcd
[ 1704.854566][T21226] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3889'.
[ 1704.976960][T13904] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1705.018105][T13904] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1705.052107][T13904] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1705.100398][T13904] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1705.127008][T13904] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1705.209172][T13904] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1705.329392][T13904] usb 4-1: config 0 descriptor??
[ 1705.635985][T21219] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1705.671896][T21219] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1705.752693][T13904] plantronics 0003:047F:FFFF.0037: ignoring exceeding usage max
[ 1705.779823][T13904] plantronics 0003:047F:FFFF.0037: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[ 1706.368907][T21247] tipc: Resetting bearer <eth:syzkaller0>
[ 1706.423575][T21248] snd_dummy snd_dummy.0: control 0:-3:0:syz0:0 is already present
[ 1706.432859][T21248] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3894'.
[ 1706.484938][T21249] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1706.888846][T21254] netlink: zone id is out of range
[ 1706.897376][T21254] netlink: zone id is out of range
[ 1706.915244][T21254] netlink: zone id is out of range
[ 1706.965707][T21254] netlink: zone id is out of range
[ 1707.022953][T21254] netlink: set zone limit has 4 unknown bytes
[ 1707.681159][T21247] tipc: Resetting bearer <eth:syzkaller0>
[ 1707.702143][T17593] usb 4-1: USB disconnect, device number 93
[ 1707.725149][T15526] tipc: Resetting bearer <eth:syzkaller0>
[ 1707.884698][T21269] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold
[ 1707.897672][ T5921] IPVS: starting estimator thread 0...
[ 1708.020479][T21270] IPVS: using max 23 ests per chain, 55200 per kthread
[ 1709.401903][T17593] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[ 1709.454661][T21282] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3902'.
[ 1709.570500][T17593] usb 4-1: Using ep0 maxpacket: 16
[ 1709.585500][T17593] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1709.595812][T17593] usb 4-1: config 0 has no interfaces?
[ 1709.630718][T17593] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1709.639829][T17593] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1709.740607][T17593] usb 4-1: Manufacturer: syz
[ 1709.840535][T17593] usb 4-1: config 0 descriptor??
[ 1711.470349][T11705] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[ 1711.640420][T11705] usb 3-1: Using ep0 maxpacket: 16
[ 1711.693751][T11705] usb 3-1: config 1 interface 0 altsetting 4 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1711.704693][T11705] usb 3-1: config 1 interface 0 altsetting 4 bulk endpoint 0x82 has invalid maxpacket 0
[ 1711.761010][T11705] usb 3-1: config 1 interface 0 altsetting 4 bulk endpoint 0x3 has invalid maxpacket 16
[ 1711.803285][T11705] usb 3-1: config 1 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1711.892758][T11705] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1711.970844][T11705] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1711.980308][T11705] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1712.004499][T11705] usb 3-1: Product: syz
[ 1712.014593][T11705] usb 3-1: Manufacturer: syz
[ 1712.029557][T11705] usb 3-1: SerialNumber: syz
[ 1712.081173][T21305] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[ 1712.420446][T20374] usb 2-1: new high-speed USB device number 106 using dummy_hcd
[ 1712.462742][T21305] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1712.643089][T21305] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1712.683222][T20374] usb 2-1: Using ep0 maxpacket: 32
[ 1712.695021][T20374] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[ 1712.716734][T20374] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1712.905497][T21305] netlink: 4400 bytes leftover after parsing attributes in process `syz.2.3908'.
[ 1712.905854][T20374] usb 2-1: Product: syz
[ 1712.920014][T21305] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[ 1712.964602][T20374] usb 2-1: Manufacturer: syz
[ 1712.980736][T20374] usb 2-1: SerialNumber: syz
[ 1713.010092][T20374] usb 2-1: config 0 descriptor??
[ 1713.063156][T21305] CPU: 1 UID: 0 PID: 21305 Comm: syz.2.3908 Not tainted syzkaller #0 PREEMPT(full) 
[ 1713.063187][T21305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1713.063201][T21305] Call Trace:
[ 1713.063211][T21305]  <TASK>
[ 1713.063223][T21305]  dump_stack_lvl+0x189/0x250
[ 1713.063261][T21305]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1713.063290][T21305]  ? __pfx__printk+0x10/0x10
[ 1713.063329][T21305]  ? kernfs_path_from_node+0x2f/0x290
[ 1713.063355][T21305]  ? kernfs_path_from_node+0x250/0x290
[ 1713.063380][T21305]  ? kernfs_path_from_node+0x2f/0x290
[ 1713.063412][T21305]  sysfs_warn_dup+0x8e/0xa0
[ 1713.063435][T21305]  sysfs_do_create_link_sd+0xc0/0x110
[ 1713.063464][T21305]  device_add_class_symlinks+0x1cf/0x240
[ 1713.063494][T21305]  device_add+0x475/0xb50
[ 1713.063524][T21305]  wiphy_register+0x1ba6/0x28d0
[ 1713.063580][T21305]  ? __pfx_wiphy_register+0x10/0x10
[ 1713.063613][T21305]  ? minstrel_ht_alloc+0x6dd/0x7e0
[ 1713.063647][T21305]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[ 1713.063688][T21305]  ieee80211_register_hw+0x3425/0x4080
[ 1713.063735][T21305]  ? ieee80211_register_hw+0x1451/0x4080
[ 1713.063771][T21305]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1713.063803][T21305]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1713.063845][T21305]  ? __hrtimer_setup+0x187/0x210
[ 1713.063867][T21305]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1713.063905][T21305]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[ 1713.063984][T21305]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1713.064013][T21305]  ? trace_kmalloc+0x1f/0xd0
[ 1713.064040][T21305]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[ 1713.064073][T21305]  ? kstrndup+0xbf/0x160
[ 1713.064109][T21305]  hwsim_new_radio_nl+0xea4/0x1b10
[ 1713.064144][T21305]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1713.064197][T21305]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1713.064242][T21305]  ? __nla_parse+0x40/0x60
[ 1713.064283][T21305]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1713.064321][T21305]  genl_family_rcv_msg_doit+0x212/0x300
[ 1713.064358][T21305]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1713.064402][T21305]  ? bpf_lsm_capable+0x9/0x20
[ 1713.064433][T21305]  ? security_capable+0x7e/0x2e0
[ 1713.064475][T21305]  genl_rcv_msg+0x60e/0x790
[ 1713.064509][T21305]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1713.064536][T21305]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1713.064569][T21305]  ? __asan_memcpy+0x40/0x70
[ 1713.064594][T21305]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1713.064637][T21305]  netlink_rcv_skb+0x208/0x470
[ 1713.064676][T21305]  ? __lock_acquire+0xab9/0xd20
[ 1713.064710][T21305]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1713.064739][T21305]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1713.064797][T21305]  ? down_read+0x1ad/0x2e0
[ 1713.064822][T21305]  genl_rcv+0x28/0x40
[ 1713.064847][T21305]  netlink_unicast+0x82f/0x9e0
[ 1713.064889][T21305]  ? __pfx_netlink_unicast+0x10/0x10
[ 1713.064923][T21305]  ? netlink_sendmsg+0x642/0xb30
[ 1713.064957][T21305]  ? skb_put+0x11b/0x210
[ 1713.064985][T21305]  netlink_sendmsg+0x805/0xb30
[ 1713.065030][T21305]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1713.065070][T21305]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1713.065095][T21305]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1713.065120][T21305]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1713.065156][T21305]  __sock_sendmsg+0x21c/0x270
[ 1713.065190][T21305]  ____sys_sendmsg+0x505/0x830
[ 1713.065223][T21305]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1713.065259][T21305]  ? import_iovec+0x74/0xa0
[ 1713.065291][T21305]  ___sys_sendmsg+0x21f/0x2a0
[ 1713.065318][T21305]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1713.065388][T21305]  ? __fget_files+0x2a/0x420
[ 1713.065421][T21305]  ? __fget_files+0x3a0/0x420
[ 1713.065470][T21305]  __x64_sys_sendmsg+0x19b/0x260
[ 1713.065499][T21305]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1713.065537][T21305]  ? rcu_is_watching+0x15/0xb0
[ 1713.065567][T21305]  ? do_syscall_64+0xbe/0x3b0
[ 1713.065625][T21305]  do_syscall_64+0xfa/0x3b0
[ 1713.065667][T21305]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1713.065700][T21305]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1713.065724][T21305]  ? clear_bhb_loop+0x60/0xb0
[ 1713.065753][T21305]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1713.065776][T21305] RIP: 0033:0x7fa3fcb8ebe9
[ 1713.065799][T21305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1713.065820][T21305] RSP: 002b:00007fa3fd948038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1713.065844][T21305] RAX: ffffffffffffffda RBX: 00007fa3fcdb5fa0 RCX: 00007fa3fcb8ebe9
[ 1713.065862][T21305] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 000000000000000c
[ 1713.065877][T21305] RBP: 00007fa3fcc11e19 R08: 0000000000000000 R09: 0000000000000000
[ 1713.065892][T21305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1713.065906][T21305] R13: 00007fa3fcdb6038 R14: 00007fa3fcdb5fa0 R15: 00007fa3fcedfa28
[ 1713.065945][T21305]  </TASK>
[ 1713.932939][T20374] gspca_main: stk1135-2.14.0 probing 174f:6a31
[ 1714.103201][T17593] usb 4-1: USB disconnect, device number 94
[ 1714.288636][T11705] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[ 1714.335629][T11705] usb 3-1: USB disconnect, device number 79
[ 1714.466863][T21323] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold
[ 1714.942233][T20374] gspca_stk1135: reg_w 0x5 err -110
[ 1714.955906][T20374] gspca_stk1135: serial bus timeout: status=0x00
[ 1714.989755][T20374] gspca_stk1135: Sensor write failed
[ 1715.013602][T20374] gspca_stk1135: serial bus timeout: status=0x00
[ 1715.045768][T20374] gspca_stk1135: Sensor write failed
[ 1715.064930][T20374] gspca_stk1135: serial bus timeout: status=0x00
[ 1715.096203][T20374] gspca_stk1135: Sensor read failed
[ 1715.119860][T20374] gspca_stk1135: serial bus timeout: status=0x00
[ 1715.144606][T20374] gspca_stk1135: Sensor read failed
[ 1715.166478][T20374] gspca_stk1135: Detected sensor type unknown (0x0)
[ 1715.337863][T20374] gspca_stk1135: serial bus timeout: status=0x00
[ 1715.349217][T20374] gspca_stk1135: Sensor read failed
[ 1715.364153][T20374] gspca_stk1135: serial bus timeout: status=0x00
[ 1715.378367][T20374] gspca_stk1135: Sensor read failed
[ 1715.388446][T20374] gspca_stk1135: serial bus timeout: status=0x00
[ 1715.404410][T20374] gspca_stk1135: Sensor write failed
[ 1715.420116][T20374] gspca_stk1135: serial bus timeout: status=0x00
[ 1715.437367][T20374] gspca_stk1135: Sensor write failed
[ 1715.460414][T20374] stk1135 2-1:0.0: probe with driver stk1135 failed with error -110
[ 1715.973931][ T5921] usb 2-1: USB disconnect, device number 106
[ 1716.081309][T20374] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[ 1716.245939][T20374] usb 5-1: device descriptor read/64, error -71
[ 1716.980374][ T5921] usb 2-1: new high-speed USB device number 107 using dummy_hcd
[ 1717.066116][T21350] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1717.096387][T21350] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1717.297769][T20374] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[ 1717.310556][ T5921] usb 2-1: Using ep0 maxpacket: 16
[ 1717.360695][ T5921] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1717.450392][T20374] usb 5-1: device descriptor read/64, error -71
[ 1717.464456][ T5921] usb 2-1: config 0 has no interfaces?
[ 1717.565169][T20374] usb usb5-port1: attempt power cycle
[ 1717.659702][ T5921] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1717.695590][ T5921] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1717.847322][ T5921] usb 2-1: Manufacturer: syz
[ 1717.894698][ T5921] usb 2-1: config 0 descriptor??
[ 1717.930292][T20374] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[ 1717.974253][T20374] usb 5-1: device descriptor read/8, error -71
[ 1718.030841][  T982] usb 4-1: new high-speed USB device number 95 using dummy_hcd
[ 1718.225988][T20374] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[ 1718.249348][  T982] usb 4-1: Using ep0 maxpacket: 16
[ 1718.348224][T20374] usb 5-1: device descriptor read/8, error -71
[ 1718.383854][  T982] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1718.403547][  T982] usb 4-1: config 0 has no interfaces?
[ 1718.419917][  T982] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1718.471033][T20374] usb usb5-port1: unable to enumerate USB device
[ 1718.618718][  T982] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1718.649504][  T982] usb 4-1: Manufacturer: syz
[ 1718.677468][  T982] usb 4-1: config 0 descriptor??
[ 1721.132940][T21373] input: syz0 as /devices/virtual/input/input102
[ 1721.739470][ T5921] usb 2-1: USB disconnect, device number 107
[ 1722.479417][T21388] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3928'.
[ 1724.050876][ T5932] usb 4-1: USB disconnect, device number 95
[ 1725.190549][ T5932] usb 2-1: new high-speed USB device number 108 using dummy_hcd
[ 1725.361072][ T5932] usb 2-1: Using ep0 maxpacket: 16
[ 1725.370626][ T5921] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[ 1725.389487][ T5932] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1725.406711][ T5932] usb 2-1: config 0 has no interfaces?
[ 1725.455514][ T5932] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1725.543508][T11722] usb 4-1: new high-speed USB device number 96 using dummy_hcd
[ 1725.583050][ T5921] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1725.610064][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1725.639082][ T5932] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1725.663056][ T5921] usb 5-1: Product: syz
[ 1725.678642][ T5921] usb 5-1: Manufacturer: syz
[ 1725.685812][ T5932] usb 2-1: Manufacturer: syz
[ 1725.704406][ T5921] usb 5-1: SerialNumber: syz
[ 1725.739991][ T5932] usb 2-1: config 0 descriptor??
[ 1725.745141][T11722] usb 4-1: Using ep0 maxpacket: 8
[ 1725.763698][ T5921] usb 5-1: config 0 descriptor??
[ 1725.788816][T11722] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1725.853137][T11722] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1725.900969][T20374] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[ 1725.939776][T11722] usb 4-1: Product: syz
[ 1726.011439][T11722] usb 4-1: Manufacturer: syz
[ 1726.016154][T11722] usb 4-1: SerialNumber: syz
[ 1726.105817][T11722] usb 4-1: config 0 descriptor??
[ 1726.110669][T20374] usb 3-1: Using ep0 maxpacket: 16
[ 1726.141406][T20374] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 1726.149504][T20374] usb 3-1: config 0 has no interface number 0
[ 1726.320129][T11722] gspca_main: se401-2.14.0 probing 047d:5003
[ 1726.339527][T20374] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1726.602556][T20374] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1726.645690][T20374] usb 3-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[ 1726.682232][T13904] usb 5-1: USB disconnect, device number 64
[ 1726.695819][T20374] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1726.758004][T11722] gspca_se401: ExtraFeatures: 7
[ 1726.974117][T11722] input: se401 as /devices/platform/dummy_hcd.3/usb4/4-1/input/input103
[ 1727.016043][T20374] usb 3-1: config 0 descriptor??
[ 1727.184946][T11722] usb 4-1: USB disconnect, device number 96
[ 1727.673895][T20374] uclogic 0003:28BD:0071.0038: pen parameters not found
[ 1727.683007][T20374] uclogic 0003:28BD:0071.0038: interface is invalid, ignoring
[ 1727.718239][T20374] usb 3-1: USB disconnect, device number 80
[ 1727.810888][  T982] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[ 1727.970373][  T982] usb 5-1: Using ep0 maxpacket: 8
[ 1727.996683][  T982] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1728.007976][  T982] usb 5-1: config 4 interface 0 has no altsetting 0
[ 1728.039692][  T982] usb 5-1: string descriptor 0 read error: -22
[ 1728.051118][  T982] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[ 1728.156185][  T982] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1728.336802][  T982] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[ 1728.369524][  T982] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1728.426218][  T982] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[ 1728.452550][  T982] usb 5-1: media controller created
[ 1728.460284][T20374] usb 4-1: new high-speed USB device number 97 using dummy_hcd
[ 1728.576529][  T982] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1728.631120][T20374] usb 4-1: Using ep0 maxpacket: 16
[ 1728.655959][T20374] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1728.666794][T20374] usb 4-1: config 0 has no interfaces?
[ 1728.709886][T20374] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1728.723412][T20374] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1728.733103][  T982] zl10353_read_register: readreg error (reg=127, ret==0)
[ 1728.776223][T20374] usb 4-1: Manufacturer: syz
[ 1728.816274][T20374] usb 4-1: config 0 descriptor??
[ 1728.972572][  T982] usb 5-1: USB disconnect, device number 65
[ 1730.086562][ T5932] usb 2-1: USB disconnect, device number 108
[ 1730.215124][T20348] udevd[20348]: setting mode of /dev/bus/usb/002/108 to 020664 failed: No such file or directory
[ 1730.249918][T20348] udevd[20348]: setting owner of /dev/bus/usb/002/108 to uid=0, gid=0 failed: No such file or directory
[ 1730.614286][T21467] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3949'.
[ 1730.682175][T21471] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1730.740023][T21471] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1730.913188][T21476] CIFS: VFS: Malformed UNC in devname
[ 1731.590895][T21475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1731.612391][T21475] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1732.929300][T20374] usb 4-1: USB disconnect, device number 97
[ 1733.155648][T21491] netlink: 'syz.3.3954': attribute type 3 has an invalid length.
[ 1733.262197][T17593] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[ 1733.551707][T17593] usb 5-1: Using ep0 maxpacket: 16
[ 1733.576021][T17593] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1733.612662][T17593] usb 5-1: config 0 has no interfaces?
[ 1733.781462][T17593] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1733.850363][T17593] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1733.884722][T17593] usb 5-1: Manufacturer: syz
[ 1733.903593][T17593] usb 5-1: config 0 descriptor??
[ 1735.094800][T21513] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold
[ 1735.309404][T21518] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3963'.
[ 1735.407145][T21518] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3963'.
[ 1735.599835][T21524] netlink: 'syz.1.3965': attribute type 3 has an invalid length.
[ 1735.723164][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 1735.729779][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 1735.985964][T21526] tipc: New replicast peer: 255.255.255.255
[ 1736.050636][T21526] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1736.221408][T21528] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3964'.
[ 1736.240672][T21528] tipc: Disabling bearer <udp:syz2>
[ 1736.518545][T17593] usb 5-1: USB disconnect, device number 66
[ 1736.767073][T21550] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3972'.
[ 1736.855335][T21551] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3972'.
[ 1737.115016][T21553] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold
[ 1737.163045][T21558] FAULT_INJECTION: forcing a failure.
[ 1737.163045][T21558] name failslab, interval 1, probability 0, space 0, times 0
[ 1737.283945][T21558] CPU: 0 UID: 0 PID: 21558 Comm: syz.2.3975 Not tainted syzkaller #0 PREEMPT(full) 
[ 1737.283974][T21558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1737.283987][T21558] Call Trace:
[ 1737.283996][T21558]  <TASK>
[ 1737.284006][T21558]  dump_stack_lvl+0x189/0x250
[ 1737.284032][T21558]  ? __pfx____ratelimit+0x10/0x10
[ 1737.284056][T21558]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1737.284075][T21558]  ? __pfx__printk+0x10/0x10
[ 1737.284103][T21558]  ? __pfx___might_resched+0x10/0x10
[ 1737.284118][T21558]  ? fs_reclaim_acquire+0x7d/0x100
[ 1737.284147][T21558]  should_fail_ex+0x414/0x560
[ 1737.284172][T21558]  should_failslab+0xa8/0x100
[ 1737.284197][T21558]  __kmalloc_noprof+0xcb/0x4f0
[ 1737.284217][T21558]  ? __kasan_kmalloc+0x93/0xb0
[ 1737.284237][T21558]  ? ovs_nla_copy_actions+0x68/0x3d0
[ 1737.284258][T21558]  ovs_nla_copy_actions+0x68/0x3d0
[ 1737.284274][T21558]  ? __asan_memcpy+0x40/0x70
[ 1737.284297][T21558]  ovs_flow_cmd_new+0x528/0xd80
[ 1737.284319][T21558]  ? stack_depot_save_flags+0x40/0x860
[ 1737.284347][T21558]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[ 1737.284414][T21558]  ? __nla_parse+0x40/0x60
[ 1737.284440][T21558]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1737.284467][T21558]  genl_family_rcv_msg_doit+0x212/0x300
[ 1737.284492][T21558]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1737.284521][T21558]  ? bpf_lsm_capable+0x9/0x20
[ 1737.284542][T21558]  ? security_capable+0x7e/0x2e0
[ 1737.284570][T21558]  genl_rcv_msg+0x60e/0x790
[ 1737.284594][T21558]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1737.284611][T21558]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[ 1737.284635][T21558]  ? __asan_memcpy+0x40/0x70
[ 1737.284652][T21558]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1737.284681][T21558]  netlink_rcv_skb+0x208/0x470
[ 1737.284703][T21558]  ? __lock_acquire+0xab9/0xd20
[ 1737.284728][T21558]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1737.284747][T21558]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1737.284784][T21558]  ? down_read+0x1ad/0x2e0
[ 1737.284802][T21558]  genl_rcv+0x28/0x40
[ 1737.284818][T21558]  netlink_unicast+0x82f/0x9e0
[ 1737.284847][T21558]  ? __pfx_netlink_unicast+0x10/0x10
[ 1737.284870][T21558]  ? netlink_sendmsg+0x642/0xb30
[ 1737.284892][T21558]  ? skb_put+0x11b/0x210
[ 1737.284916][T21558]  netlink_sendmsg+0x805/0xb30
[ 1737.284948][T21558]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1737.284975][T21558]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1737.284992][T21558]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1737.285009][T21558]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1737.285034][T21558]  __sock_sendmsg+0x21c/0x270
[ 1737.285058][T21558]  ____sys_sendmsg+0x505/0x830
[ 1737.285080][T21558]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1737.285103][T21558]  ? import_iovec+0x74/0xa0
[ 1737.285125][T21558]  ___sys_sendmsg+0x21f/0x2a0
[ 1737.285144][T21558]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1737.285188][T21558]  ? __fget_files+0x2a/0x420
[ 1737.285224][T21558]  ? __fget_files+0x3a0/0x420
[ 1737.285255][T21558]  __x64_sys_sendmsg+0x19b/0x260
[ 1737.285274][T21558]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1737.285297][T21558]  ? __pfx_ksys_write+0x10/0x10
[ 1737.285317][T21558]  ? rcu_is_watching+0x15/0xb0
[ 1737.285336][T21558]  ? do_syscall_64+0xbe/0x3b0
[ 1737.285362][T21558]  do_syscall_64+0xfa/0x3b0
[ 1737.285384][T21558]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1737.285405][T21558]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1737.285421][T21558]  ? clear_bhb_loop+0x60/0xb0
[ 1737.285439][T21558]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1737.285455][T21558] RIP: 0033:0x7fa3fcb8ebe9
[ 1737.285470][T21558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1737.285484][T21558] RSP: 002b:00007fa3fd948038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1737.285502][T21558] RAX: ffffffffffffffda RBX: 00007fa3fcdb5fa0 RCX: 00007fa3fcb8ebe9
[ 1737.285513][T21558] RDX: 000000002000c000 RSI: 0000200000000000 RDI: 0000000000000003
[ 1737.285524][T21558] RBP: 00007fa3fd948090 R08: 0000000000000000 R09: 0000000000000000
[ 1737.285534][T21558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1737.285543][T21558] R13: 00007fa3fcdb6038 R14: 00007fa3fcdb5fa0 R15: 00007fa3fcedfa28
[ 1737.285566][T21558]  </TASK>
[ 1737.285576][T21558] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1739.060480][T17593] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[ 1739.076567][T21577] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1739.116437][T21577] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1739.319052][T17593] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1739.361022][T17593] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1739.404853][T17593] usb 3-1: Product: syz
[ 1739.412937][T17593] usb 3-1: Manufacturer: syz
[ 1739.421524][T17593] usb 3-1: SerialNumber: syz
[ 1739.998240][T21593] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold
[ 1740.059017][T21594] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3987'.
[ 1740.104998][T21594] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3987'.
[ 1740.550318][T20374] usb 4-1: new high-speed USB device number 98 using dummy_hcd
[ 1740.738120][T20374] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1740.747892][T20374] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1740.757593][T20374] usb 4-1: Product: syz
[ 1740.807043][T20374] usb 4-1: Manufacturer: syz
[ 1740.811930][T20374] usb 4-1: SerialNumber: syz
[ 1740.827958][T20374] usb 4-1: config 0 descriptor??
[ 1740.860625][   T10] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[ 1740.885625][T21574] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1740.894632][T17593] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[ 1740.911038][T21574] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1741.023807][   T10] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1741.048154][   T10] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1741.090490][   T10] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1741.126947][   T10] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1741.147497][T17593] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001000. ret = -EPROTO
[ 1741.176773][T17593] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[ 1741.199840][T17593] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1741.226054][T20374] usb 4-1: USB disconnect, device number 98
[ 1741.290102][   T10] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1741.325894][T17593] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1741.353696][T17593] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71
[ 1741.365035][   T10] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1741.384882][T17593] usb 3-1: USB disconnect, device number 81
[ 1741.392384][   T10] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1741.409836][   T10] usb 5-1: Product: syz
[ 1741.433089][   T10] usb 5-1: Manufacturer: syz
[ 1741.463493][   T10] cdc_wdm 5-1:1.0: skipping garbage
[ 1741.477367][   T10] cdc_wdm 5-1:1.0: skipping garbage
[ 1741.495237][   T10] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[ 1741.503630][   T10] cdc_wdm 5-1:1.0: Unknown control protocol
[ 1741.560533][   T30] kauditd_printk_skb: 9 callbacks suppressed
[ 1741.560565][   T30] audit: type=1326 audit(1755940624.688:2373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21612 comm="syz.0.3993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6d038ebe9 code=0x7ffc0000
[ 1741.629905][   T30] audit: type=1326 audit(1755940624.698:2374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21612 comm="syz.0.3993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6d038ebe9 code=0x7ffc0000
[ 1741.653476][   T30] audit: type=1326 audit(1755940624.698:2375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21612 comm="syz.0.3993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd6d038ebe9 code=0x7ffc0000
[ 1741.677538][   T30] audit: type=1326 audit(1755940624.698:2376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21612 comm="syz.0.3993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6d038ebe9 code=0x7ffc0000
[ 1741.840709][T21616] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1741.862256][   T30] audit: type=1326 audit(1755940624.698:2377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21612 comm="syz.0.3993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6d038ebe9 code=0x7ffc0000
[ 1741.880706][T21616] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1741.920428][   T30] audit: type=1326 audit(1755940624.698:2378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21612 comm="syz.0.3993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7fd6d038ebe9 code=0x7ffc0000
[ 1742.054965][T21621] netlink: 652 bytes leftover after parsing attributes in process `syz.3.3996'.
[ 1742.065003][   T30] audit: type=1326 audit(1755940624.698:2379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21612 comm="syz.0.3993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6d038ebe9 code=0x7ffc0000
[ 1742.167887][   T30] audit: type=1326 audit(1755940624.698:2380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21612 comm="syz.0.3993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7fd6d038ebe9 code=0x7ffc0000
[ 1742.252664][   T30] audit: type=1326 audit(1755940624.698:2381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21612 comm="syz.0.3993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6d038ebe9 code=0x7ffc0000
[ 1742.416589][T21630] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1742.433680][   T30] audit: type=1326 audit(1755940624.698:2382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21612 comm="syz.0.3993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd6d038d550 code=0x7ffc0000
[ 1742.694911][T21632] CIFS: VFS: Malformed UNC in devname
[ 1742.715789][T21636] binder: 21635:21636 unknown command 0
[ 1742.721492][T21636] binder: 21635:21636 ioctl c0306201 200000000080 returned -22
[ 1743.030372][T11722] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[ 1743.172364][T21650] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1743.198584][T21650] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1743.237956][T11722] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1743.775372][T21655] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4005'.
[ 1743.800890][T11722] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1743.816953][T11722] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1743.851155][T11722] usb 3-1: SerialNumber: syz
[ 1745.062408][T21638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1745.092710][T21638] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1746.583150][T17593] usb 4-1: new high-speed USB device number 99 using dummy_hcd
[ 1746.953102][T17593] usb 4-1: Using ep0 maxpacket: 16
[ 1747.048236][T11722] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71
[ 1747.154673][T21665] netlink: 652 bytes leftover after parsing attributes in process `syz.4.4009'.
[ 1747.154883][T21666] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1747.175077][T11722] usb 3-1: USB disconnect, device number 82
[ 1747.257592][T21666] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1747.298345][T21666] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1747.326315][T21666] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1747.570970][T11722] usb 3-1: new full-speed USB device number 83 using dummy_hcd
[ 1747.731784][T11722] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1747.743494][T11722] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1747.755254][T11722] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1747.766543][T11722] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[ 1747.957042][T11722] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1747.967019][T11722] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1747.975341][T11722] usb 3-1: Manufacturer: syz
[ 1748.006438][T11722] usb 3-1: config 0 descriptor??
[ 1748.520536][   T31] INFO: task kworker/0:6:5976 blocked for more than 143 seconds.
[ 1748.528341][   T31]       Not tainted syzkaller #0
[ 1748.560420][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1748.609486][   T31] task:kworker/0:6     state:D stack:20536 pid:5976  tgid:5976  ppid:2      task_flags:0x4208060 flags:0x00004000
[ 1748.623321][T11722] rc_core: IR keymap rc-hauppauge not found
[ 1748.654486][T11722] Registered IR keymap rc-empty
[ 1748.680818][T11722] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1748.701402][   T31] Workqueue: usb_hub_wq hub_event
[ 1748.718048][   T31] Call Trace:
[ 1748.730638][T11722] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1748.746498][T21684] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1748.764656][   T31]  <TASK>
[ 1748.775017][   T31]  __schedule+0x1798/0x4cc0
[ 1748.795116][T11722] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[ 1748.823994][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1748.843280][   T31]  ? __pfx___schedule+0x10/0x10
[ 1748.867384][   T31]  ? schedule+0x91/0x360
[ 1748.881891][T11722] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input104
[ 1748.902521][   T31]  schedule+0x165/0x360
[ 1748.930622][   T31]  schedule_timeout+0x9a/0x270
[ 1748.954089][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[ 1748.977947][T11722] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1748.993366][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1749.035257][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1749.060466][T11722] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1749.077507][   T31]  ? wait_for_completion+0x267/0x5d0
[ 1749.104102][   T31]  wait_for_completion+0x2bf/0x5d0
[ 1749.110952][T11722] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1749.134120][T21684] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1749.158915][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[ 1749.190652][T11722] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1749.201661][   T31]  i2c_del_adapter+0x581/0x6e0
[ 1749.228158][T21681] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4012'.
[ 1749.247628][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1749.270515][T11722] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1749.286231][   T31]  ? __pfx_i2c_del_adapter+0x10/0x10
[ 1749.321154][   T31]  ? dvb_usbv2_exit+0x85a/0x9e0
[ 1749.331216][T11722] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1749.367021][   T31]  dvb_usbv2_probe+0x4ae/0x41a0
[ 1749.408532][   T31]  ? __pfx_dvb_usbv2_probe+0x10/0x10
[ 1749.420643][T11722] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1749.456085][   T31]  ? __pm_runtime_set_status+0x785/0xa50
[ 1749.464832][T11722] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1749.500539][T11722] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1749.541023][T11722] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1749.585272][T11722] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1749.656176][T11722] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 1749.731861][T11722] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1749.761262][T17593] usb 4-1: device descriptor read/all, error -71
[ 1749.768520][   T31]  usb_probe_interface+0x665/0xc30
[ 1749.773978][   T31]  ? __pfx_usb_probe_interface+0x10/0x10
[ 1749.780516][   T31]  really_probe+0x26d/0x9e0
[ 1749.819798][T11722] usb 3-1: USB disconnect, device number 83
[ 1750.176941][   T31]  __driver_probe_device+0x18c/0x2f0
[ 1750.420473][   T31]  driver_probe_device+0x4f/0x430
[ 1750.425751][   T31]  __device_attach_driver+0x2ce/0x530
[ 1750.431711][   T31]  bus_for_each_drv+0x24e/0x2e0
[ 1750.448483][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[ 1750.475150][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[ 1750.495920][   T31]  __device_attach+0x2b8/0x400
[ 1750.512681][   T31]  ? __pfx___device_attach+0x10/0x10
[ 1750.532160][   T31]  ? do_raw_spin_unlock+0x122/0x240
[ 1750.550388][   T31]  bus_probe_device+0x185/0x260
[ 1750.565994][   T31]  device_add+0x7b6/0xb50
[ 1750.584972][   T31]  usb_set_configuration+0x1a87/0x20e0
[ 1750.602042][   T31]  usb_generic_driver_probe+0x8d/0x150
[ 1750.625746][   T31]  usb_probe_device+0x1c4/0x390
[ 1750.640491][   T31]  ? __pfx_usb_probe_device+0x10/0x10
[ 1750.659641][   T31]  really_probe+0x26d/0x9e0
[ 1750.678827][   T31]  __driver_probe_device+0x18c/0x2f0
[ 1750.698161][   T31]  driver_probe_device+0x4f/0x430
[ 1750.716972][   T31]  __device_attach_driver+0x2ce/0x530
[ 1750.733823][   T31]  bus_for_each_drv+0x24e/0x2e0
[ 1750.752316][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[ 1750.771827][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[ 1750.793688][   T31]  __device_attach+0x2b8/0x400
[ 1750.805032][   T31]  ? __pfx___device_attach+0x10/0x10
[ 1750.823599][   T31]  ? do_raw_spin_unlock+0x122/0x240
[ 1750.842600][   T31]  bus_probe_device+0x185/0x260
[ 1750.853506][   T31]  device_add+0x7b6/0xb50
[ 1750.873026][   T31]  usb_new_device+0xa39/0x16f0
[ 1750.891245][   T31]  ? __pfx_usb_new_device+0x10/0x10
[ 1750.908688][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1750.928976][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1750.943495][   T31]  hub_event+0x2958/0x4a20
[ 1750.957064][   T31]  ? __pfx_hub_event+0x10/0x10
[ 1750.976364][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1750.994338][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1751.013730][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1751.030867][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1751.050274][   T31]  process_scheduled_works+0xae1/0x17b0
[ 1751.069277][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1751.111313][   T31]  worker_thread+0x8a0/0xda0
[ 1751.122804][   T31]  kthread+0x70e/0x8a0
[ 1751.130241][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1751.147367][   T31]  ? __pfx_kthread+0x10/0x10
[ 1751.152372][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1751.167861][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1751.178542][   T31]  ? __pfx_kthread+0x10/0x10
[ 1751.188686][   T31]  ret_from_fork+0x3f9/0x770
[ 1751.198806][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1751.235168][   T31]  ? __switch_to_asm+0x39/0x70
[ 1751.270445][   T31]  ? __switch_to_asm+0x33/0x70
[ 1751.275460][   T31]  ? __pfx_kthread+0x10/0x10
[ 1751.301536][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1751.329730][   T31]  </TASK>
[ 1751.344019][   T31] 
[ 1751.344019][   T31] Showing all locks held in the system:
[ 1751.401340][   T31] 1 lock held by khungtaskd/31:
[ 1751.489513][   T31]  #0: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1751.500997][   T31] 2 locks held by getty/5623:
[ 1751.537907][   T31]  #0: ffff88814e2140a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1751.572003][   T31]  #1: ffffc900036c42f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1751.670560][   T31] 5 locks held by kworker/0:6/5976:
[ 1751.675821][   T31]  #0: ffff8880216e0948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1751.744011][   T31]  #1: ffffc900046c7bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1751.784915][   T31]  #2: ffff888027c15198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[ 1751.829402][   T31]  #3: ffff8880578c9198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[ 1751.859230][   T31]  #4: ffff888081865160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[ 1751.898223][   T31] 2 locks held by kworker/u8:11/10047:
[ 1751.926790][   T31]  #0: ffff8880b8639f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[ 1751.964915][   T31]  #1: ffff8880b8724008 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880
[ 1751.998335][   T31] 3 locks held by kworker/0:0/11705:
[ 1752.025096][   T31] 6 locks held by kworker/1:11/11722:
[ 1752.047720][   T31]  #0: ffff8880216e0948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1752.089271][   T31]  #1: ffffc9000b1a7bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1752.121994][   T31]  #2: ffff888027dae198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[ 1752.145920][   T31]  #3: ffff88807e072198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xf8/0x950
[ 1752.192886][   T31]  #4: ffff88806cea9160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x800
[ 1752.210966][   T31]  #5: ffffffff8efa70a8 (input_mutex){+.+.}-{4:4}, at: __input_unregister_device+0x328/0x640
[ 1752.232534][   T31] 3 locks held by kworker/1:14/13904:
[ 1752.243671][   T31] 1 lock held by syz.4.3991/21617:
[ 1752.255633][   T31]  #0: ffffffff8e13f978 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[ 1752.267592][   T31] 2 locks held by syz.3.4004/21658:
[ 1752.273264][   T31]  #0: ffffffff8f52b5b0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[ 1752.305689][   T31]  #1: ffffffff8e13f978 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[ 1752.405017][   T31] 1 lock held by syz.1.4011/21674:
[ 1752.412398][   T31] 1 lock held by syz.4.4012/21684:
[ 1752.423601][   T31]  #0: ffff8880593bc4d8 (&nft_net->commit_mutex){+.+.}-{4:4}, at: nf_tables_valid_genid+0x3b/0x100
[ 1752.446058][   T31] 2 locks held by vhost-21681/21691:
[ 1752.458589][   T31]  #0: ffff8880586b0ce8 (&vtsk->exit_mutex){+.+.}-{4:4}, at: vhost_task_fn+0x327/0x430
[ 1752.468612][   T31]  #1: ffff88802e893480 (&worker->mutex){+.+.}-{4:4}, at: vhost_worker_killed+0x57/0x390
[ 1752.498878][T13904] usb 5-1: USB disconnect, device number 67
[ 1752.535444][   T31] 
[ 1752.537860][   T31] =============================================
[ 1752.537860][   T31] 
[ 1752.621900][   T31] NMI backtrace for cpu 1
[ 1752.621918][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1752.621936][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1752.621947][   T31] Call Trace:
[ 1752.621954][   T31]  <TASK>
[ 1752.621961][   T31]  dump_stack_lvl+0x189/0x250
[ 1752.621987][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1752.622007][   T31]  ? __pfx__printk+0x10/0x10
[ 1752.622039][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1752.622060][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1752.622081][   T31]  ? __pfx__printk+0x10/0x10
[ 1752.622106][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1752.622134][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1752.622155][   T31]  watchdog+0xf93/0xfe0
[ 1752.622182][   T31]  ? watchdog+0x1de/0xfe0
[ 1752.622208][   T31]  kthread+0x70e/0x8a0
[ 1752.622230][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1752.622251][   T31]  ? __pfx_kthread+0x10/0x10
[ 1752.622272][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1752.622293][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1752.622314][   T31]  ? __pfx_kthread+0x10/0x10
[ 1752.622335][   T31]  ret_from_fork+0x3f9/0x770
[ 1752.622354][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1752.622374][   T31]  ? __switch_to_asm+0x39/0x70
[ 1752.622407][   T31]  ? __switch_to_asm+0x33/0x70
[ 1752.622427][   T31]  ? __pfx_kthread+0x10/0x10
[ 1752.622449][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1752.622486][   T31]  </TASK>
[ 1752.622493][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1752.773683][    C0] NMI backtrace for cpu 0
[ 1752.773703][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
[ 1752.773724][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1752.773737][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 1752.773770][    C0] Code: 53 e7 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d f3 86 0e 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1752.773787][    C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c2
[ 1752.773804][    C0] RAX: 856c1add59d05000 RBX: ffffffff819683b8 RCX: 856c1add59d05000
[ 1752.773819][    C0] RDX: 0000000000000001 RSI: ffffffff8d9b735f RDI: ffffffff8be33680
[ 1752.773833][    C0] RBP: ffffffff8de07eb8 R08: ffff8880b8632f9b R09: 1ffff110170c65f3
[ 1752.773848][    C0] R10: dffffc0000000000 R11: ffffed10170c65f4 R12: ffffffff8fa38630
[ 1752.773863][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a20
[ 1752.773876][    C0] FS:  0000000000000000(0000) GS:ffff888125c1b000(0000) knlGS:0000000000000000
[ 1752.773892][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1752.773905][    C0] CR2: 0000200000125030 CR3: 000000007703a000 CR4: 00000000003526f0
[ 1752.773922][    C0] DR0: 0000000000000000 DR1: 00000000ffff000b DR2: 0000000000000000
[ 1752.773934][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1752.773946][    C0] Call Trace:
[ 1752.773954][    C0]  <TASK>
[ 1752.773962][    C0]  default_idle+0x13/0x20
[ 1752.773980][    C0]  default_idle_call+0x74/0xb0
[ 1752.773999][    C0]  do_idle+0x1e8/0x510
[ 1752.774017][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1752.774041][    C0]  ? __pfx_do_idle+0x10/0x10
[ 1752.774063][    C0]  ? do_idle+0x11/0x510
[ 1752.774083][    C0]  cpu_startup_entry+0x44/0x60
[ 1752.774100][    C0]  rest_init+0x2de/0x300
[ 1752.774121][    C0]  start_kernel+0x3a9/0x410
[ 1752.774146][    C0]  x86_64_start_reservations+0x24/0x30
[ 1752.774174][    C0]  x86_64_start_kernel+0x143/0x1c0
[ 1752.774205][    C0]  common_startup_64+0x13e/0x147
[ 1752.774240][    C0]  </TASK>
[ 1752.788604][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1752.788632][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1752.788661][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1752.788679][   T31] Call Trace:
[ 1752.788698][   T31]  <TASK>
[ 1752.788712][   T31]  dump_stack_lvl+0x99/0x250
[ 1752.788750][   T31]  ? __asan_memcpy+0x40/0x70
[ 1752.788782][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1752.788815][   T31]  ? __pfx__printk+0x10/0x10
[ 1752.788869][   T31]  vpanic+0x281/0x750
[ 1752.788903][   T31]  ? __pfx_vpanic+0x10/0x10
[ 1752.788930][   T31]  ? __x2apic_send_IPI_mask+0x1e4/0x260
[ 1752.788966][   T31]  ? preempt_schedule+0xae/0xc0
[ 1752.789003][   T31]  ? preempt_schedule_common+0x83/0xd0
[ 1752.789046][   T31]  panic+0xb9/0xc0
[ 1752.789074][   T31]  ? __pfx_panic+0x10/0x10
[ 1752.789107][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1752.789154][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[ 1752.789191][   T31]  watchdog+0xfd2/0xfe0
[ 1752.789234][   T31]  ? watchdog+0x1de/0xfe0
[ 1752.789275][   T31]  kthread+0x70e/0x8a0
[ 1752.789312][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1752.789347][   T31]  ? __pfx_kthread+0x10/0x10
[ 1752.789389][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1752.789421][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1752.789455][   T31]  ? __pfx_kthread+0x10/0x10
[ 1752.789487][   T31]  ret_from_fork+0x3f9/0x770
[ 1752.789518][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1752.789552][   T31]  ? __switch_to_asm+0x39/0x70
[ 1752.789585][   T31]  ? __switch_to_asm+0x33/0x70
[ 1752.789618][   T31]  ? __pfx_kthread+0x10/0x10
[ 1752.789651][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1752.789710][   T31]  </TASK>
[ 1753.143681][   T31] Kernel Offset: disabled
[ 1753.148005][   T31] Rebooting in 86400 seconds..