last executing test programs:

9.856327714s ago: executing program 2 (id=444):
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x400000, 0x2, 0x2})
r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
r1 = openat$vim2m(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000000c0)=0x41d9, 0x4)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0cc5605, &(0x7f0000000040)={0x1, @pix_mp={0x0, 0xb0, 0x33524742}})
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040100010300000009210000000122050009058103"], 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="080000000400000004000000df00000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000068038fa91db9bf9017dd64531a92f1740fc1e16794c2d1c75093974590c6ab36c149887b504a8fffcecccf9bc1b3fc6fe83ed93d5f226db281f18f37273d19474c3d2b382d02b0c8a13e81ad02e1ec6b195249"], 0x48)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={r4, 0x58, &(0x7f0000000780)}, 0x10)
r5 = socket(0x28, 0x3, 0x1a02)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'veth1_to_bridge\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000b40)=@newqdisc={0x434, 0x24, 0xf0b, 0xa000, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xc}, {0xffff, 0xfff1}, {0xd, 0x2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0xf, 0xef3400, 0x0, 0x2, 0x5b7, 0x8, 0x5, 0xcd1, 0x3, 0x3, 0x7fff, 0x9, 0x400, 0x7, 0x7fff, 0xadda, 0xa, 0x0, 0xe95c, 0x2, 0x8000, 0x400, 0x1c7d5ce8, 0x2, 0xc63e, 0x2, 0x3, 0x4, 0x2, 0x2, 0x1, 0x9, 0xfff, 0x200, 0x6, 0xfff, 0x4, 0x7ff, 0x9, 0x9, 0x6, 0x1, 0x9, 0x3, 0x0, 0x4, 0x1, 0x4, 0x0, 0x0, 0x3, 0x3ff, 0x7723, 0x6, 0x8, 0x4, 0x200, 0x3, 0xb, 0xe58b, 0x0, 0xa, 0xc55c, 0x9, 0x7, 0x5, 0xffffffff, 0x6, 0x9, 0x3, 0x7, 0xffff, 0x100, 0x9, 0x8, 0x1450, 0xe45, 0x10, 0x127e9d6e, 0x5, 0x1, 0x3, 0x7, 0x3, 0x7ff, 0x6, 0x5, 0x5, 0x2, 0x5, 0xb908, 0x3, 0x6, 0x3, 0x3, 0x0, 0x6, 0xfff, 0x1, 0xc01c, 0x1, 0x100, 0x3, 0x0, 0x7fffffff, 0x704, 0x2ce2, 0x8, 0x0, 0x0, 0xe, 0x3, 0x101, 0x9, 0x7, 0x6, 0x7, 0xd9e2, 0x6, 0xff, 0xa, 0xfffffff8, 0x2, 0x2, 0xf, 0x9, 0x6, 0x3, 0x9, 0x2, 0x4839c6a3, 0x80, 0x9, 0x8, 0x9, 0x4, 0x5, 0x3, 0x6, 0x80000001, 0x400, 0x2, 0x0, 0x6, 0x1, 0x9, 0x6c, 0x0, 0x55, 0x6, 0x3b15f894, 0xfffffffb, 0x5, 0x5, 0x8001, 0x0, 0x10, 0x9, 0x5, 0x9b1d, 0x31a, 0x7, 0x8000, 0x5, 0x200, 0x9, 0x5, 0x1, 0x2, 0x7fffffff, 0x4, 0x0, 0x6, 0x5, 0x9, 0x5, 0xaa, 0x5, 0x8f, 0x7, 0x8000, 0x7fff, 0xffff, 0x0, 0xb, 0xb, 0x200, 0xdb3a, 0xc, 0x2, 0x3, 0x9, 0x3, 0x2, 0x5e4, 0x400, 0x5, 0x6, 0x7, 0xffffff7f, 0x1, 0x5, 0x8, 0x3, 0xffff, 0x18, 0x5, 0x6, 0x7, 0x5, 0x5, 0x6ff, 0x401, 0x10, 0x7, 0x80, 0x7ff, 0x8, 0x8, 0x5, 0x1, 0x8, 0xd36, 0x7, 0x8d8, 0x4, 0xff, 0xd7, 0x1ff, 0x0, 0x3, 0x0, 0x6, 0x0, 0xc, 0x8, 0x100, 0x3, 0xffffff84, 0x40, 0x4, 0x1, 0x7, 0x8000, 0x8, 0x4, 0x8, 0x9, 0x3, 0x3, 0x5, 0x5, 0x3, 0x724e, 0x9, 0x6]}]}}]}, 0x434}, 0x1, 0x0, 0x0, 0x4040}, 0x4000)
syz_usb_control_io$hid(r3, 0x0, 0x0)
mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2)
syz_usb_control_io$hid(r3, &(0x7f0000001440)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0022050000004b741cb97642d13219d8b665dff9ac576af616012ec85c359afb8d22966e9556857b"], 0x0}, 0x0)
fcntl$F_GET_RW_HINT(r1, 0x40b, &(0x7f0000000140))
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r8 = dup(r7)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
read$FUSE(r8, &(0x7f0000001140)={0x2020}, 0x2020)
r9 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000000010b404b10700000000000109022400010000080009042272e7de0ad005000001030000000921000000012205000905"], 0x0)
syz_usb_control_io(r9, 0x0, 0x0)
r10 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r10, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r11, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)

9.799115869s ago: executing program 4 (id=445):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x40000001ed602, 0x0)
io_setup(0x6, &(0x7f0000000100)=<r1=>0x0)
io_submit(r1, 0x2000000000000153, &(0x7f00000000c0)=[&(0x7f0000000200)={0x0, 0x0, 0x20, 0x1, 0x0, r0, 0x0, 0xfe00}])
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000140), 0x4, 0x48202)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e21, @loopback}], 0x10)
setsockopt(r3, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8)
recvmsg(r3, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000480)={{0x0, 0x3, 0x1, 0x4}, 'syz0\x00', 0x10})
ioctl$UI_SET_KEYBIT(r2, 0x40045565, 0xee)
socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$UI_DEV_CREATE(r2, 0x5501)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000002340)="d8000000180081054e81f782db4cb904021d0800fe007c05e8fe55a10a0015000900142603600e12080005007f370401a8001600200004000400027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2e98a61e284ce5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e970392", 0xd8}], 0x1}, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r5, 0xffffffffffffffff, 0x0)

8.793168268s ago: executing program 4 (id=451):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x20040010)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r2, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000080)=0x2, 0x4)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x9}, 0x0)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x54)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x24, 0x301, 0x70bd25, 0xfffffffc, {0x11}, [@typed={0x8, 0x142, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x51}, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000200), 0x76, 0x103901)
ioctl$USBDEVFS_CONTROL(r4, 0xc0185500, &(0x7f0000000040)={0x80, 0x8, 0x7ff, 0x0, 0x0, 0xf421, 0x0})
fsopen(0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00')
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0)
close_range(r5, r5, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r6, &(0x7f0000000580)="81", 0x1, 0x10, &(0x7f0000000280)={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x81}, 0x1c)
accept4(r3, 0x0, 0x0, 0x80000)
r7 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGPGRP(r7, 0x8904, &(0x7f0000000340))
gettid()

7.685223507s ago: executing program 1 (id=453):
syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000090401"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x80402)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000340)={&(0x7f0000006080)=[{0x3, 0x9001, 0x22, &(0x7f00000013c0)="41d170c544a5bb6ffdacad1e29046b3f7d766306b8a8e7f7cc3c1a8c5962fd4f6644"}, {0xfff, 0x0, 0x0, 0x0}], 0x2})

7.006427025s ago: executing program 3 (id=455):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000000280)={0x0, @in={0x2, 0x4e20, @private=0xa010100}, @in={0x2, 0x4e24, @remote}, @nl=@unspec, 0xc, 0x0, 0x0, 0x0, 0x5, &(0x7f00000001c0)='veth0_to_bridge\x00', 0x100000, 0x1000009, 0x42})
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
timer_create(0x5, 0x0, &(0x7f0000000100))
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r1 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0x2476, 0x40, 0x2})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r1, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x1000}], 0x0, 0x1}, 0x20)
write$tun(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="4702008000650000001190787f000001000000000707730a010100004e234e240064907802000000030000000200000001b4c01a537e080823a574e05412ae927a17df0284af876f1cb0fc481af6393ec08ba855bb1d639afcafe06eb92892e110ffc1ae513625a0ae6eddbef542d414d484114a0efe5144cd72c312"], 0x80)
creat(&(0x7f0000000000)='./file0\x00', 0xc0)

6.825030291s ago: executing program 3 (id=456):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x2b4}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x100000a, 0x5d032, 0xffffffffffffffff, 0x0)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000440)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r1, &(0x7f0000000200)="c87d154d74d0c13c9ec74207e5da6bde1f220935b5e231bb28154fe343e0b32bcc28b58ace89e4bb4e9055a6f293a4aaced131c0f590a45b51a4ea6dbb46", 0x0}, 0x1c)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, 0x0)

6.824703296s ago: executing program 0 (id=457):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) (async)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty, 0x3}, 0x1c) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendto$unix(r1, 0x0, 0x0, 0x2004c084, &(0x7f0000001680)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)
ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000001540)={'tunl0\x00', {0x2, 0x4e23, @local}}) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r3, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc) (async, rerun: 64)
memfd_secret(0x0) (rerun: 64)
socket$netlink(0x10, 0x3, 0x4) (async)
syz_usb_connect(0x3, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="120100006ceb85409c240290adde0000000109029200010000000009040000002bdf6d00c2568b242cafc4cd922810a3d87ea761e89b0b5acd3631958a1badfcff02cc5e0a81ce0c725d56eee6dd1a600c79896cad1cadbd95699a6275b59b9ea58cae34caf2f309efa4f4f0503364003c06e92296722feea7a09e8f8dc516e2e41cdd49bcdb6d77ae60ed24a514e5b39287d681457f58a6e73b4fcd916bcc267047"], 0x0) (async)
r5 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f00000000c0)=0x3fcf, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r6=>0x0})
sendmsg$can_raw(r5, &(0x7f0000000340)={&(0x7f0000000080)={0x1d, r6}, 0x10, &(0x7f0000000000)={&(0x7f00000001c0)=@can={{0x2, 0x0, 0x0, 0x1}, 0x5, 0x2, 0x0, 0x0, "4a620761efe46bde"}, 0x10}}, 0x1) (async)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000400)) (async, rerun: 64)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0) (async, rerun: 64)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x5e, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140040001000010600000000000000000000000a28000000000a010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000902030073797a32000000001400000011000100"/111], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a010200000000adfa7b65ec86e57086773849ed5e000000000200000008000340000000000c00104000000000000000020900010073797a3000000000080003400000000a140000001100"], 0x64}}, 0x0) (async)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)
link(&(0x7f0000001580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
socket$nl_route(0x10, 0x3, 0x0)

6.708127986s ago: executing program 2 (id=458):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{0x0}], 0x1)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'tunl0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[], 0x40}}, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000180)={0xfffffffffffffffe, <r5=>r1, 0x1})
ioctl$SIOCGETSGCNT(r5, 0x89e1, &(0x7f00000001c0)={@broadcast, @remote})

6.121673185s ago: executing program 4 (id=459):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x70, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newlink={0x28, 0x10, 0x1, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x40810}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4008001}, 0x4804)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000001c0)={0x0, 0xffff}, 0x8)
connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket$netlink(0x10, 0x3, 0xf)
ioctl$sock_SIOCETHTOOL(r2, 0x89f6, &(0x7f0000001440)={'bridge0\x00', 0x0})
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x114, 0x0, 0x0, 0x4)
timer_create(0x0, 0x0, 0x0)
r3 = fsopen(&(0x7f00000000c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fchdir(0xffffffffffffffff)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
close(r0)

5.61080483s ago: executing program 3 (id=460):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0)
r1 = socket$rxrpc(0x21, 0x2, 0x2)
setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f0000000040)='\x00', 0x1)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_GET_FROZEN_INFO(r3, 0xc00c620f, &(0x7f00000001c0))
r4 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
preadv(r4, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/38, 0x26}], 0x1, 0xfffffff5, 0x100000a)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000004, 0x31, 0xffffffffffffffff, 0x8871b000)

5.085066195s ago: executing program 4 (id=461):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
openat$sequencer2(0xffffff9c, 0x0, 0x143240, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
read(r1, 0x0, 0x0)

5.05661199s ago: executing program 0 (id=462):
openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000680)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x68, &(0x7f00000006c0)={@fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x0, &(0x7f0000000440)=""/210, 0xd2, 0x1, 0x29}, @ptr={0x70742a85, 0x5, 0x0, 0x0, 0x1}}, &(0x7f0000000600)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})

4.959175336s ago: executing program 1 (id=463):
r0 = creat(0x0, 0xd931d3864d39ddd8)
close(r0)
openat$ppp(0xffffffffffffff9c, 0x0, 0xc8902, 0x0) (async, rerun: 64)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}) (rerun: 64)
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x1, 0x401, 0x0, 0xa9, 0x8000000000000000, 0x8, 0x7, 0x8000003}, 0x0)
keyctl$set_reqkey_keyring(0x6, 0xfffffffffffffffd) (async, rerun: 32)
syz_open_procfs(0x0, 0x0) (rerun: 32)
fanotify_init(0xa00, 0x0) (async, rerun: 64)
openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) (async, rerun: 64)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async, rerun: 32)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100, 0x0) (rerun: 32)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
mount$fuseblk(&(0x7f0000002440), &(0x7f0000000040)='./file0\x00', &(0x7f00000003c0), 0x200840d, &(0x7f0000000280)=ANY=[])
read$FUSE(r3, &(0x7f0000002480)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000140)={0x50, 0x0, r4, {0x7, 0x2b, 0xd, 0x800108, 0xa, 0x8, 0x5, 0x6, 0x0, 0x0, 0x40, 0xfffffffc}}, 0x50) (async)
umount2(&(0x7f0000000000)='./file0\x00', 0x1)
keyctl$session_to_parent(0x12) (async)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
ioctl$TIOCPKT(r5, 0x5420, 0x0) (async)
ioctl$TIOCSPTLCK(r5, 0x40045431, 0x0) (async)
r6 = ioctl$TIOCGPTPEER(r5, 0x5441, 0xb3d)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000140)=0x1b)
setsockopt$inet_tcp_int(r0, 0x6, 0x8, &(0x7f0000000100)=0xa, 0x4)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x1, 0x7fff0006}]})
close_range(r7, 0xffffffffffffffff, 0x0)

4.747629513s ago: executing program 0 (id=464):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000041c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
syz_clone3(&(0x7f0000000300)={0x23800000, &(0x7f0000000040)=<r2=>0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_setup(0x8, &(0x7f0000000600)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r2, 0x0}])
write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0x0, r1, {0x7, 0x27, 0x0, 0x801001a, 0x66d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}}, 0x50)
rename(&(0x7f0000000100)='./file0/../file0/file0\x00', &(0x7f00000000c0)='./file0/../file0/file0\x00')

4.664433823s ago: executing program 2 (id=465):
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_io_uring_setup(0x883, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x2000000, 0x34f}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0xfffffffffffffd6b)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
r3 = syz_open_dev$vbi(&(0x7f00000000c0), 0x2, 0x2)
ioctl$VIDIOC_G_PARM(r3, 0xc0cc5615, &(0x7f0000000340)={0xe, @raw_data="7c3ceeb932b00a3f117b0dde679dbcf56e22e4d1cbbd5b4c41b5af32c1e8ee88150857e7134fe106938574fcdddbce79595dd3a69caf3c7499defb6822617464a613ce2958fee65f9fd12cd2e277a1e4c9ec8d7ccd3234aa14181a725911bee43f1b44cecc63450116940c749a6eada63e185c87d06c9a9e9783c522a17e2669f9e3bf193aca9eb39354113aa1b40bd8f0b5933d8d619cac2c190d25abd32d530ea2595146266a639453480b69d4494d3da0dd97455bb4dbff0fbdbd0d947f6c4e75b87e5d86dfa4"})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e)
sendmmsg$unix(r5, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

4.569221147s ago: executing program 1 (id=466):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
openat$sequencer2(0xffffff9c, 0x0, 0x143240, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
read(r1, 0x0, 0x0) (fail_nth: 2)

3.688696696s ago: executing program 0 (id=467):
r0 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mremap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000, 0xa, &(0x7f0000ffb000/0x3000)=nil)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, 0x0, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'bond0\x00', <r5=>0x0})
setsockopt$packet_int(r4, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4)
ioctl$sock_qrtr_TIOCINQ(r0, 0x541b, &(0x7f0000000140))
sendto$packet(r4, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0xe955, 0x0, &(0x7f0000000540)={0xc9, 0x0, r5, 0x1, 0x0, 0x6, @multicast}, 0x14)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r7, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r8)
listen(0xffffffffffffffff, 0x0)
r9 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r9, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)

3.417043433s ago: executing program 3 (id=468):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001fc0)=@delchain={0x154, 0x65, 0x200, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2}, {0x0, 0xfff3}, {0x4, 0xb}}, [@filter_kind_options=@f_bpf={{0x8}, {0x128, 0x2, [@TCA_BPF_ACT={0xe8, 0x1, [@m_mirred={0x68, 0x2, 0x0, 0x0, {{0xb}, {0x4}, {0x3a, 0x6, "dae0489b799d15556c6c7d44ae8f295fea1c62d64b963cf0dd1fcb6569ccece7639c45fe850fdd998bfb2bf1864e314a1573d71d7ce0"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_skbedit={0x7c, 0x3, 0x0, 0x0, {{0xc}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x1, 0x1, 0x5, 0xff, 0x17}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x2bdf}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x5}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xb, 0x1}}]}, {0x1f, 0x6, "6312ba1453c5d091a0881fca14b9956480f3cad707c642f8a483d1"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}, @TCA_BPF_POLICE={0x0, 0x2, [@TCA_POLICE_AVRATE={0x0, 0x4, 0x9492d81}, @TCA_POLICE_AVRATE={0x0, 0x4, 0x80000}, @TCA_POLICE_RATE={0x0, 0x2, [0x70, 0x2, 0x8af7, 0x200, 0x7, 0x401, 0x10001, 0x5, 0x7, 0x1, 0x4, 0xa, 0xfff, 0x3, 0x4, 0x800, 0x8, 0x9, 0x5, 0x4, 0x596, 0x10001, 0x18, 0x9e, 0x6e, 0x2, 0x9, 0xfffffff8, 0xfffefffd, 0x9, 0x6, 0x4, 0xad, 0x27e52c8f, 0x1ff, 0x1d60, 0xc7f, 0x2, 0x4, 0x36, 0x5, 0x81a5, 0x80000001, 0x1, 0x6e8fd035, 0x4, 0x5, 0x1, 0x6, 0x1, 0x80, 0x8, 0x2, 0x3, 0x5, 0xf7e, 0x5, 0x0, 0xa5e0, 0x9, 0x81, 0xf, 0x5, 0x3, 0xfd5, 0x9, 0x60800000, 0x4, 0xe10, 0xfffffff7, 0x6a800000, 0x1, 0x1, 0x7fff, 0x7, 0x3ff, 0x7, 0x6, 0x8, 0x5a6, 0x1, 0x2a, 0x101, 0x7, 0xd, 0x3, 0x8, 0x0, 0x0, 0x7, 0x5, 0x4, 0x6, 0x3ab4, 0xc42e, 0x0, 0x9, 0x6792, 0x8, 0x9, 0x6, 0x8, 0x7, 0xc1e, 0xb1, 0x57, 0x7, 0x1, 0x0, 0x3, 0x400, 0x4, 0x9, 0xc5f2, 0xc, 0x2, 0x8, 0x3, 0x1000, 0x2, 0x3, 0x895, 0xe7, 0x8, 0x5bf, 0x7fff, 0x7, 0xa1, 0x3, 0x0, 0x400, 0x5, 0x5, 0x6, 0x7, 0x5, 0x9, 0x0, 0x2, 0x9, 0xfffffffb, 0x2, 0x1, 0x4, 0x4, 0x7, 0x2, 0x4, 0x3, 0x40, 0x4, 0x7, 0x5, 0x4, 0xb9, 0x8, 0x1ff, 0x6, 0xa, 0x2, 0x4b, 0xfffffffb, 0x8, 0x3ff, 0x9, 0xff, 0x1, 0x9a, 0x10000, 0x10001, 0xcf, 0x1, 0x4, 0x7f, 0x6b3a, 0x18, 0x5, 0xfffffffb, 0x8, 0xffffff01, 0x1, 0x40, 0x2, 0x7ff, 0x3, 0x0, 0x8, 0x4, 0xffff8001, 0x0, 0x6, 0x0, 0x7fffffff, 0x6, 0x8465, 0x3, 0x8000, 0x0, 0x80000001, 0x2, 0x3, 0xceb4, 0x2, 0x8000, 0x8, 0x200, 0xb, 0x1, 0x8, 0x8, 0x3, 0x0, 0x7, 0xb97, 0xef7, 0x260, 0xb, 0x8, 0x895, 0x2, 0xf5f2, 0x7, 0xd0, 0x10001, 0x1, 0x1, 0x73, 0x9, 0xdfe2, 0x8, 0xffff8001, 0x0, 0x85, 0x7375, 0x1000, 0x4b3, 0x2, 0x3b263740, 0x1, 0x100, 0x400, 0x8001, 0x2, 0xbb, 0xdbee, 0x10001, 0x7, 0xe01, 0x2, 0x4, 0x9, 0x89, 0xb98, 0x8, 0xffffffff, 0x9]}, @TCA_POLICE_RATE64]}, @TCA_BPF_ACT={0x30, 0x1, [@m_bpf={0x2c, 0x5, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xff81, 0x7, {0x1}}, {0xc, 0x8, {0x22bf533d53fd5981, 0x3}}}}]}]}}]}, 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

3.196969046s ago: executing program 3 (id=469):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000180), 0x0, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000040)={0x14, 0x2, 0x0, "11010000001400000100b64c0000005c4b7c1500", 0x30314442})
socket(0x1d, 0x2, 0x6)
r3 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
write$binfmt_script(r4, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, 0x0, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3300000010001fff0000000001000000000000d7", @ANYRESOCT=r5, @ANYRESHEX, @ANYRES64=r4], 0x3c}, 0x1, 0x0, 0x0, 0x40040}, 0x81)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7000000ff020000bfa3000000000000070300c000feffff620af0fff8ffffff71a4f0ff000000002d040200000000001d400200000000004604000001ed00ffbf002000000000001d440000000000007a0a00fe00ffffffc3030000a0000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0465f2f994114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840b08000000f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e82623951743283070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00a5b4f7e9ad0500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffbf}, 0x48)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket(0x1, 0x803, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r10 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000007c0)={0x3, 0x4, 0x4, 0xa, 0x0, r4, 0x0, '\x00', r7, r4, 0x3, 0x5, 0x3}, 0x50)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000008c0)=@bpf_ext={0x1c, 0x2f, &(0x7f0000000640)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x8001}, {}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x100}}, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}, @map_idx={0x18, 0x8, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x0, 0x4, 0x0, 0xfffffffffffffffb}], {{}, {}, {0x85, 0x0, 0x0, 0x8738247d73fe6e2d}}}, &(0x7f00000000c0)='GPL\x00', 0x5, 0x82, &(0x7f0000000340)=""/130, 0x40f00, 0xc, '\x00', r7, 0x0, r4, 0x8, &(0x7f0000000500)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000540)={0x1, 0xb, 0x6, 0x9}, 0x10, 0x2bdb7, r4, 0x7, &(0x7f0000000580)=[r4, r4, r10, r4, r4, r4, 0xffffffffffffffff, r4, r4, r4], &(0x7f0000000840)=[{0x3, 0x3, 0x3, 0x5}, {0x3, 0x5, 0x0, 0x5}, {0x3, 0x1, 0x4, 0x8}, {0x5, 0x3, 0xe, 0x6}, {0x4, 0x4, 0x7, 0x3}, {0x0, 0x1, 0xe, 0x6}, {0x1, 0x5, 0xd, 0xb}]}, 0x94)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="400000001000030425bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0005000000000000180012800b0001006772657461700000080002800400120008000a00", @ANYRES32], 0x40}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000)
getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00030000000000001c0012800c0001006d6163766c616e000c000280080001000800000008000500", @ANYRES32=r11, @ANYBLOB, @ANYRES32=r11, @ANYBLOB], 0x4c}}, 0x0)

1.687243167s ago: executing program 0 (id=470):
r0 = socket$inet6(0xa, 0x1, 0xfffff08d)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={<r2=>0x0, @in6={{0xa, 0x4e23, 0x5, @private1, 0x6f05}}}, &(0x7f00000000c0)=0x84)
setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000100)={r2, 0x2}, 0x8)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r1, 0xf504, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000140)={r2, 0x48, "dd54c4413c0295192230fe96f4e3a258a8b5f560f7ad8fdee0d41285cbc183d6427aa920515105de6c0b4da1359a100e6255f361a1d85a420c6361b3a29a4f8872ffbed392c88532"}, &(0x7f00000001c0)=0x50)
r3 = syz_open_dev$hiddev(&(0x7f0000000200), 0xffff, 0x4b0282)
ioctl$HIDIOCSFLAG(r3, 0x4004480f, &(0x7f0000000240)=0x2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r4, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, r5, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x4, 0x4}}}}}, 0x28}}, 0x7533621c49776f8c)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000440), r4)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r4, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x4c, r7, 0x200, 0x70bd29, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x41}, 0x8001)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000580), r4)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f00000005c0)={{0x1, 0x1, 0x18, <r8=>r3, {0x1}}, './file0\x00'})
r9 = openat$dlm_control(0xffffff9c, &(0x7f0000000600), 0x400140, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r8, 0x3ba0, &(0x7f0000000640)={0x48, 0x7, r9, 0x0, 0x1, 0x0, 0x80000000, 0xd})
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r10, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x70, r5, 0x400, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x5, 0x3b}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_FRAME={0x22, 0x33, @mgmt_frame=@deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x6}, @device_a, @device_a, @random="93ff3fe2854d", {0x8, 0x4}, @value=@ver_80211n={0x0, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1}}, 0x11, @void}}]}, 0x70}}, 0x4000)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r8, 0x1, &(0x7f0000000800)={0x200, r1}, 0x0)
ioctl$sock_qrtr_TIOCOUTQ(r8, 0x5411, &(0x7f0000000840))
ioctl$BLKRRPART(r9, 0x125f, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f0000000900)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000008c0)={<r11=>0xffffffffffffffff}, 0x2, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r9, &(0x7f0000000940)={0x16, 0x98, 0xfa00, {&(0x7f0000000880), 0x3, r11, 0x1c, 0x0, @in6={0xa, 0x4e20, 0x0, @loopback, 0xf49}}}, 0xa0)
r12 = openat$vmci(0xffffff9c, &(0x7f0000000a00), 0x2, 0x0)
connect$rds(r12, &(0x7f0000000a40)={0x2, 0x4e23, @remote}, 0x10)
ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(r9, 0x3ba0, &(0x7f0000000b00)={0x48, 0x8, r8, 0x0, 0x4, 0x2244d3, 0x63, &(0x7f0000000a80)="9930eeca23538176891db3067b33e52021ca0f85df1d079df71f27bb3a394e9f406980794994a843c545f708b7a7d32150c3a40d009ac5405645a98c47d3803d4a2756a562e1cf04e193464fbc25c578698862af93b4e72238331649467a8350252648"})
setsockopt$TIPC_GROUP_JOIN(r8, 0x10f, 0x87, &(0x7f0000000b80)={0x42, 0x0, 0x2}, 0x10)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r9, 0x3ba0, &(0x7f0000000bc0)={0x48, 0x7, r8, 0x0, 0x10000, 0x0, 0x8, 0x27698d, 0x1f97d0})

1.642819909s ago: executing program 4 (id=471):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x70, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newlink={0x28, 0x10, 0x1, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x40810}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4008001}, 0x4804)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000001c0)={0x0, 0xffff}, 0x8)
connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket$netlink(0x10, 0x3, 0xf)
ioctl$sock_SIOCETHTOOL(r2, 0x89f6, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000400)=@ethtool_regs={0x4, 0x1}})
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x114, 0x0, 0x0, 0x4)
timer_create(0x0, 0x0, 0x0)
r3 = fsopen(&(0x7f00000000c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fchdir(0xffffffffffffffff)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
close(r0)

1.484744666s ago: executing program 2 (id=472):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x69, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000d00)=""/242, 0xf2}, {&(0x7f0000000240)=""/205, 0xcd}, {&(0x7f0000000940)=""/220, 0xdc}, {&(0x7f00000006c0)=""/188, 0xbc}, {&(0x7f0000000540)=""/213, 0xd5}, {&(0x7f0000002100)=""/4077, 0xfed}, {&(0x7f0000000480)=""/176, 0xb0}, {&(0x7f0000000c00)=""/208, 0xd0}], 0x8}, 0x40012100)

1.416805728s ago: executing program 0 (id=473):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20020008008f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x2, 0xa}}, 0xffffffffffffffdf)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r3}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000200)={&(0x7f0000000180), &(0x7f0000000440)=""/179, &(0x7f0000000500), &(0x7f00000006c0), 0x3, r3}, 0x38)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/mdstat\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000000180)={0x2020}, 0x2024)
socket$key(0xf, 0x3, 0x2)
syz_emit_ethernet(0x7a, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffffff00000000000086dd60dd690b00442f00fc000000000000000000000000000000ff020000000000000000000000000001242081000000000000000800000086dd080088be81000000100000000100000000000000ff0022eb000000002000000002000000000000000000000008"], 0x0) (fail_nth: 2)
socket$inet6(0xa, 0x2, 0x0)

1.375478605s ago: executing program 1 (id=474):
openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000680)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x68, &(0x7f00000006c0)={@fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x0, &(0x7f0000000440)=""/210, 0xd2, 0x1, 0x29}, @ptr={0x70742a85, 0x5, 0x0, 0x0, 0x1}}, &(0x7f0000000600)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})

1.112649495s ago: executing program 2 (id=475):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x28, r2, 0x3, 0xfffffffd, 0x0, {0x10}, [@ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}]}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_LOW={0x8, 0x11, 0xf00}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x4044890)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x3)
ioctl$TCSETSW2(r0, 0x5408, 0x0)

600.24477ms ago: executing program 1 (id=476):
r0 = io_uring_setup(0x6503, &(0x7f0000001300)={0x0, 0x83be, 0x1046})
io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f00000000c0), 0x0)
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r0, 0xc, 0x0, 0x0)
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r0, 0xc, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
mmap(&(0x7f0000800000/0x3000)=nil, 0x3000, 0x4, 0x66032, 0xffffffffffffffff, 0x40000000)
mremap(&(0x7f00007fd000/0xe000)=nil, 0xe000, 0x3000, 0x3, &(0x7f0000002000/0x3000)=nil)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r1 = socket(0x2a, 0x2, 0x0)
ioctl$SIOCSIFMTU(r1, 0x541b, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0xff87)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x7, 0x9, 0x0, 0xfffffe0000000004, 0xfa11, 0xffffffff}, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x4, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000a51000/0x1000)=nil, 0x1000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r2 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x5, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff070000e5373526a01edb"], 0x1c}, 0x1, 0x0, 0x0, 0x48050}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[], 0x20}}, 0x0)

452.080407ms ago: executing program 3 (id=477):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0x3c, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="380000001000011000"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000080004004400000008001b00"], 0x38}}, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r6, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r6, 0x6, 0x16, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
sendto$inet(r6, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'tunl0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[], 0x40}}, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000180)={0xfffffffffffffffe, <r7=>r1, 0x1})
ioctl$SIOCGETSGCNT(r7, 0x89e1, &(0x7f00000001c0)={@broadcast, @remote})

217.039861ms ago: executing program 4 (id=478):
socket$inet6_sctp(0xa, 0x801, 0x84)
r0 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x200}, 0x0)
prlimit64(0xffffffffffffffff, 0x8, 0x0, &(0x7f0000002280))
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x18557f, 0x0)
socket$inet(0x2, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)={0x2c, r4, 0x5, 0x70bd25, 0x25dfdbfb, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}]}]}, 0x2c}}, 0x40006)
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000300)={{@host, 0xd}, 0x1})
r5 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00')
read$FUSE(r5, &(0x7f0000000240)={0x2020}, 0x2020)
r6 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000cbba25083b0904a10100010203010902120001000020000904"], 0x0)
fsopen(&(0x7f0000000300)='binfmt_misc\x00', 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r7, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_int(r7, 0x6, 0x19, &(0x7f0000002300)=0xa, 0x4)
write$binfmt_script(0xffffffffffffffff, &(0x7f00000022c0)={'#! ', './file0'}, 0xb)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_disconnect(r6)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0xffef}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}}, @NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x34, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}, @NFTA_LIMIT_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}]}}}]}, @NFT_MSG_NEWSETELEM={0x34, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x8, 0x3, 0x0, 0x1, [{0x4}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe0}}, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x93a, 0x8002, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x2, 0x80, 0x4, [{{0x9, 0x4, 0x0, 0x4, 0x2, 0x3, 0x1, 0x2, 0x9, {0x9, 0x21, 0x8, 0x5, 0x1, {0x22, 0x967}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x3, 0x9, 0x1}}}}}]}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000500)={0xa, 0x6, 0x200, 0xf, 0x34, 0xa, 0x10, 0x6}, 0x19, &(0x7f00000000c0)={0x5, 0xf, 0x19, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0xb, 0x8, 0x2, 0xbfd0}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x7, 0x2, 0x62a7}]}, 0x6, [{0x0, 0x0}, {0x2, &(0x7f00000001c0)=@string={0x2}}, {0x3e, &(0x7f0000000340)=@string={0x3e, 0x3, "baf570e187e9fa4c8f9632df9ae2276ac6b20e9dde6c6353adae892f2e8f48543b0b8288d6bccef028d9c45e0d0dbd4789b1665b3fcbc0b35f3ded92"}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x441}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x41d}}, {0x46, &(0x7f0000000400)=@string={0x46, 0x3, "eb2b468f93d8201851aa4cc5b7925501962fb28a3eeea424c69316a40664151d3672f93c72fd04806ec6c4f16cdb7635d2288bc4d1893d50769bc50e99f1c1282703213d"}}]})

174.462431ms ago: executing program 2 (id=479):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x3, 0x2b4}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x100000a, 0x5d032, 0xffffffffffffffff, 0x0)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000140))
r6 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r6, &(0x7f0000000240)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000440)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r7 = syz_open_dev$media(&(0x7f0000000140), 0xc, 0x80d00)
ioctl$MEDIA_IOC_G_TOPOLOGY(r7, 0xc0487c04, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86, 0x0, 0x0, 0x3, 0x0, &(0x7f00000002c0)})
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r1, &(0x7f0000000200)="c87d154d74d0c13c9ec74207e5da6bde1f220935b5e231bb28154fe343e0b32bcc28b58ace89e4bb4e9055a6f293a4aaced131c0f590a45b51a4ea6dbb46", 0x0}, 0x1c)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, 0x0)

0s ago: executing program 1 (id=480):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x40000001ed602, 0x0)
io_setup(0x6, &(0x7f0000000100)=<r1=>0x0)
io_submit(r1, 0x2000000000000153, &(0x7f00000000c0)=[&(0x7f0000000200)={0x0, 0x0, 0x20, 0x1, 0x0, r0, 0x0, 0xfe00}])
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000140), 0x4, 0x48202)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e21, @loopback}], 0x10)
setsockopt(r3, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8)
recvmsg(r3, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000480)={{0x0, 0x3, 0x1, 0x4}, 'syz0\x00', 0x10})
ioctl$UI_SET_KEYBIT(r2, 0x40045565, 0xee)
socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$UI_DEV_CREATE(r2, 0x5501)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000002340)="d8000000180081054e81f782db4cb904021d0800fe007c05e8fe55a10a0015000900142603600e12080005007f370401a8001600200004000400027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2e98a61e284ce5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e970392", 0xd8}], 0x1}, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r5, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

T6678]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.726681][ T6678]  ? __pfx__printk+0x10/0x10
[  152.726718][ T6678]  ? __pfx___might_resched+0x10/0x10
[  152.726743][ T6678]  should_fail_ex+0x414/0x560
[  152.726781][ T6678]  should_failslab+0xa8/0x100
[  152.726815][ T6678]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  152.726845][ T6678]  ? __alloc_skb+0x112/0x2d0
[  152.726874][ T6678]  __alloc_skb+0x112/0x2d0
[  152.726902][ T6678]  netlink_sendmsg+0x5c6/0xb30
[  152.726937][ T6678]  ? __pfx_netlink_sendmsg+0x10/0x10
[  152.726963][ T6678]  ? __import_iovec+0x5d4/0x7f0
[  152.726989][ T6678]  ? aa_sock_msg_perm+0xf1/0x1d0
[  152.727013][ T6678]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  152.727036][ T6678]  ? __pfx_netlink_sendmsg+0x10/0x10
[  152.727060][ T6678]  __sock_sendmsg+0x219/0x270
[  152.727096][ T6678]  ____sys_sendmsg+0x505/0x830
[  152.727129][ T6678]  ? __pfx_____sys_sendmsg+0x10/0x10
[  152.727174][ T6678]  ___sys_sendmsg+0x21f/0x2a0
[  152.727204][ T6678]  ? __pfx____sys_sendmsg+0x10/0x10
[  152.727270][ T6678]  ? __fget_files+0x2a/0x420
[  152.727288][ T6678]  ? __fget_files+0x3a0/0x420
[  152.727318][ T6678]  __sys_sendmsg+0x164/0x220
[  152.727347][ T6678]  ? __pfx___sys_sendmsg+0x10/0x10
[  152.727392][ T6678]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.727418][ T6678]  __do_fast_syscall_32+0xb6/0x2b0
[  152.727444][ T6678]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.727471][ T6678]  do_fast_syscall_32+0x34/0x80
[  152.727496][ T6678]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  152.727521][ T6678] RIP: 0023:0xf700e539
[  152.727539][ T6678] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  152.727561][ T6678] RSP: 002b:00000000f53fe55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  152.727582][ T6678] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  152.727596][ T6678] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  152.727608][ T6678] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  152.727619][ T6678] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  152.727630][ T6678] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  152.727660][ T6678]  </TASK>
[  152.988456][    C1] vkms_vblank_simulate: vblank timer overrun
[  153.315317][ T6671] loop4: detected capacity change from 0 to 7
[  153.364145][ T6671] Dev loop4: unable to read RDB block 7
[  153.406742][ T6671]  loop4: AHDI p1 p2 p3
[  153.414900][ T6671] loop4: partition table partially beyond EOD, truncated
[  153.434379][ T6671] loop4: p1 start 16843009 is beyond EOD, truncated
[  153.471033][ T6681] input: syz0 as /devices/virtual/input/input12
[  153.564330][ T6681] netlink: 'syz.2.211': attribute type 21 has an invalid length.
[  153.864670][ T6689] FAULT_INJECTION: forcing a failure.
[  153.864670][ T6689] name failslab, interval 1, probability 0, space 0, times 0
[  153.902195][ T6689] CPU: 0 UID: 0 PID: 6689 Comm: syz.4.214 Not tainted syzkaller #0 PREEMPT(full) 
[  153.902232][ T6689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  153.902245][ T6689] Call Trace:
[  153.902253][ T6689]  <TASK>
[  153.902263][ T6689]  dump_stack_lvl+0x189/0x250
[  153.902294][ T6689]  ? __pfx____ratelimit+0x10/0x10
[  153.902317][ T6689]  ? __pfx_dump_stack_lvl+0x10/0x10
[  153.902343][ T6689]  ? __pfx__printk+0x10/0x10
[  153.902380][ T6689]  ? __pfx___might_resched+0x10/0x10
[  153.902406][ T6689]  should_fail_ex+0x414/0x560
[  153.902445][ T6689]  should_failslab+0xa8/0x100
[  153.902479][ T6689]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  153.902510][ T6689]  ? __alloc_skb+0x112/0x2d0
[  153.902538][ T6689]  __alloc_skb+0x112/0x2d0
[  153.902574][ T6689]  netlink_sendmsg+0x5c6/0xb30
[  153.902608][ T6689]  ? __pfx_netlink_sendmsg+0x10/0x10
[  153.902652][ T6689]  ? __import_iovec+0x5d4/0x7f0
[  153.902678][ T6689]  ? aa_sock_msg_perm+0xf1/0x1d0
[  153.902701][ T6689]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  153.902725][ T6689]  ? __pfx_netlink_sendmsg+0x10/0x10
[  153.902749][ T6689]  __sock_sendmsg+0x219/0x270
[  153.902787][ T6689]  ____sys_sendmsg+0x505/0x830
[  153.902820][ T6689]  ? __pfx_____sys_sendmsg+0x10/0x10
[  153.902866][ T6689]  ___sys_sendmsg+0x21f/0x2a0
[  153.902896][ T6689]  ? __pfx____sys_sendmsg+0x10/0x10
[  153.902963][ T6689]  ? __fget_files+0x2a/0x420
[  153.902981][ T6689]  ? __fget_files+0x3a0/0x420
[  153.903011][ T6689]  __sys_sendmsg+0x164/0x220
[  153.903040][ T6689]  ? __pfx___sys_sendmsg+0x10/0x10
[  153.903085][ T6689]  ? lockdep_hardirqs_on+0x9c/0x150
[  153.903112][ T6689]  __do_fast_syscall_32+0xb6/0x2b0
[  153.903138][ T6689]  ? lockdep_hardirqs_on+0x9c/0x150
[  153.903169][ T6689]  do_fast_syscall_32+0x34/0x80
[  153.903194][ T6689]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  153.903220][ T6689] RIP: 0023:0xf7f23539
[  153.903238][ T6689] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  153.903256][ T6689] RSP: 002b:00000000f541655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  153.903277][ T6689] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080003740
[  153.903291][ T6689] RDX: 0000000028008004 RSI: 0000000000000000 RDI: 0000000000000000
[  153.903304][ T6689] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  153.903315][ T6689] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  153.903327][ T6689] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  153.903357][ T6689]  </TASK>
[  154.177048][   T24] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  154.376467][   T24] usb 1-1: Using ep0 maxpacket: 16
[  154.395594][   T24] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  154.416181][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  154.491791][   T24] usb 1-1: Product: syz
[  154.496055][   T24] usb 1-1: Manufacturer: syz
[  154.536862][   T24] usb 1-1: SerialNumber: syz
[  154.558423][   T24] r8152-cfgselector 1-1: Unknown version 0x0000
[  154.564927][   T24] r8152-cfgselector 1-1: config 0 descriptor??
[  154.578117][   T24] hub 1-1:0.0: bad descriptor, ignoring hub
[  154.584661][   T24] hub 1-1:0.0: probe with driver hub failed with error -5
[  154.623538][ T6693] xt_cluster: you have exceeded the maximum number of cluster nodes (37482740 > 32)
[  154.687886][ T6694] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  154.804626][ T6687] netlink: 20 bytes leftover after parsing attributes in process `syz.0.213'.
[  154.816884][ T6702] netlink: 4 bytes leftover after parsing attributes in process `syz.2.217'.
[  154.828180][ T6702] netlink: 4 bytes leftover after parsing attributes in process `syz.2.217'.
[  155.798212][ T6710] netlink: 'syz.4.222': attribute type 4 has an invalid length.
[  155.918917][   T24] r8152-cfgselector 1-1: Unknown version 0x0000
[  155.928142][   T24] r8152-cfgselector 1-1: bad CDC descriptors
[  155.988787][   T24] r8152-cfgselector 1-1: USB disconnect, device number 8
[  156.151226][ T6720] FAULT_INJECTION: forcing a failure.
[  156.151226][ T6720] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  156.201420][ T6720] CPU: 1 UID: 0 PID: 6720 Comm: syz.4.225 Not tainted syzkaller #0 PREEMPT(full) 
[  156.201465][ T6720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  156.201478][ T6720] Call Trace:
[  156.201486][ T6720]  <TASK>
[  156.201495][ T6720]  dump_stack_lvl+0x189/0x250
[  156.201535][ T6720]  ? __pfx____ratelimit+0x10/0x10
[  156.201559][ T6720]  ? __pfx_dump_stack_lvl+0x10/0x10
[  156.201585][ T6720]  ? __pfx__printk+0x10/0x10
[  156.201615][ T6720]  ? __might_fault+0xb0/0x130
[  156.201657][ T6720]  should_fail_ex+0x414/0x560
[  156.201694][ T6720]  _copy_from_iter+0x1de/0x1790
[  156.201722][ T6720]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  156.201752][ T6720]  ? policy_nodemask+0x27c/0x720
[  156.201782][ T6720]  ? __pfx__copy_from_iter+0x10/0x10
[  156.201812][ T6720]  ? set_page_refcounted+0xa0/0x1e0
[  156.201841][ T6720]  ? page_copy_sane+0x4e/0x280
[  156.201859][ T6720]  copy_page_from_iter+0xdd/0x170
[  156.201880][ T6720]  tun_get_user+0x1d7b/0x3ea0
[  156.201903][ T6720]  ? tun_get_user+0x6f6/0x3ea0
[  156.201926][ T6720]  ? aa_file_perm+0x44d/0x1550
[  156.201943][ T6720]  ? __pfx_tun_get_user+0x10/0x10
[  156.201959][ T6720]  ? _parse_integer_limit+0x1ae/0x1f0
[  156.201980][ T6720]  ? __lock_acquire+0xab9/0xd20
[  156.202006][ T6720]  ? ref_tracker_alloc+0x318/0x460
[  156.202018][ T6720]  ? __lock_acquire+0xab9/0xd20
[  156.202043][ T6720]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  156.202061][ T6720]  ? tun_get+0x1c/0x2f0
[  156.202082][ T6720]  ? tun_get+0x1c/0x2f0
[  156.202099][ T6720]  ? tun_get+0x1c/0x2f0
[  156.202119][ T6720]  tun_chr_write_iter+0x113/0x200
[  156.202138][ T6720]  vfs_write+0x5c6/0xb30
[  156.202162][ T6720]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  156.202180][ T6720]  ? __pfx_vfs_write+0x10/0x10
[  156.202208][ T6720]  ? __fget_files+0x2a/0x420
[  156.202240][ T6720]  ksys_write+0x145/0x250
[  156.202264][ T6720]  ? __pfx_ksys_write+0x10/0x10
[  156.202287][ T6720]  ? lockdep_hardirqs_on+0x9c/0x150
[  156.202306][ T6720]  __do_fast_syscall_32+0xb6/0x2b0
[  156.202324][ T6720]  ? lockdep_hardirqs_on+0x9c/0x150
[  156.202342][ T6720]  do_fast_syscall_32+0x34/0x80
[  156.202359][ T6720]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  156.202377][ T6720] RIP: 0023:0xf7f23539
[  156.202391][ T6720] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  156.202404][ T6720] RSP: 002b:00000000f53f5520 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  156.202419][ T6720] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000680
[  156.202429][ T6720] RDX: 0000000000000036 RSI: 00000000f73b5ff4 RDI: 0000000000000000
[  156.202438][ T6720] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  156.202450][ T6720] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  156.202459][ T6720] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  156.202479][ T6720]  </TASK>
[  156.632571][ T6721] syz.0.224 uses obsolete (PF_INET,SOCK_PACKET)
[  156.781808][   T44] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  156.997431][   T44] usb 4-1: Using ep0 maxpacket: 16
[  157.004997][   T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  157.015967][   T44] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  157.025937][   T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.038937][ T5947] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  157.116834][   T44] usb 4-1: config 0 descriptor??
[  157.144858][   T44] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  157.196428][ T5947] usb 2-1: Using ep0 maxpacket: 16
[  157.224924][ T5947] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  157.254838][ T5947] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  157.291424][ T5947] usb 2-1: config 0 has no interface number 0
[  157.311756][ T5947] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  157.322908][ T5947] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.345299][   T24] usb 4-1: USB disconnect, device number 9
[  157.365483][ T5947] usb 2-1: Product: syz
[  157.389109][ T5947] usb 2-1: Manufacturer: syz
[  157.416129][ T5947] usb 2-1: SerialNumber: syz
[  157.465399][ T5947] usb 2-1: config 0 descriptor??
[  157.692549][ T5947] usb 2-1: Found UVC 0.00 device syz (046d:08f3)
[  157.736832][ T5947] usb 2-1: No valid video chain found.
[  157.897925][ T6727] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  157.967162][ T6727] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  157.983211][ T5874] usb 2-1: USB disconnect, device number 8
[  158.110610][ T6751] FAULT_INJECTION: forcing a failure.
[  158.110610][ T6751] name failslab, interval 1, probability 0, space 0, times 0
[  158.133324][ T6751] CPU: 0 UID: 0 PID: 6751 Comm: syz.0.236 Not tainted syzkaller #0 PREEMPT(full) 
[  158.133364][ T6751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  158.133378][ T6751] Call Trace:
[  158.133386][ T6751]  <TASK>
[  158.133395][ T6751]  dump_stack_lvl+0x189/0x250
[  158.133426][ T6751]  ? __pfx____ratelimit+0x10/0x10
[  158.133449][ T6751]  ? __pfx_dump_stack_lvl+0x10/0x10
[  158.133475][ T6751]  ? __pfx__printk+0x10/0x10
[  158.133510][ T6751]  ? __pfx___might_resched+0x10/0x10
[  158.133537][ T6751]  should_fail_ex+0x414/0x560
[  158.133576][ T6751]  should_failslab+0xa8/0x100
[  158.133611][ T6751]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  158.133642][ T6751]  ? __alloc_skb+0x112/0x2d0
[  158.133672][ T6751]  __alloc_skb+0x112/0x2d0
[  158.133701][ T6751]  netlink_sendmsg+0x5c6/0xb30
[  158.133741][ T6751]  ? __pfx_netlink_sendmsg+0x10/0x10
[  158.133776][ T6751]  ? __import_iovec+0x5d4/0x7f0
[  158.133803][ T6751]  ? aa_sock_msg_perm+0xf1/0x1d0
[  158.133827][ T6751]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  158.133851][ T6751]  ? __pfx_netlink_sendmsg+0x10/0x10
[  158.133876][ T6751]  __sock_sendmsg+0x219/0x270
[  158.133913][ T6751]  ____sys_sendmsg+0x505/0x830
[  158.133948][ T6751]  ? __pfx_____sys_sendmsg+0x10/0x10
[  158.133993][ T6751]  ___sys_sendmsg+0x21f/0x2a0
[  158.134023][ T6751]  ? __pfx____sys_sendmsg+0x10/0x10
[  158.134088][ T6751]  ? __fget_files+0x2a/0x420
[  158.134107][ T6751]  ? __fget_files+0x3a0/0x420
[  158.134136][ T6751]  __sys_sendmsg+0x164/0x220
[  158.134166][ T6751]  ? __pfx___sys_sendmsg+0x10/0x10
[  158.134211][ T6751]  ? lockdep_hardirqs_on+0x9c/0x150
[  158.134236][ T6751]  __do_fast_syscall_32+0xb6/0x2b0
[  158.134261][ T6751]  ? lockdep_hardirqs_on+0x9c/0x150
[  158.134287][ T6751]  do_fast_syscall_32+0x34/0x80
[  158.134312][ T6751]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  158.134344][ T6751] RIP: 0023:0xf70ee539
[  158.134363][ T6751] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  158.134382][ T6751] RSP: 002b:00000000f54de55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  158.134403][ T6751] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000280
[  158.134418][ T6751] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[  158.134430][ T6751] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  158.134441][ T6751] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  158.134453][ T6751] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  158.134483][ T6751]  </TASK>
[  158.450315][ T6756] FAULT_INJECTION: forcing a failure.
[  158.450315][ T6756] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  158.467193][ T6756] CPU: 1 UID: 0 PID: 6756 Comm: syz.2.238 Not tainted syzkaller #0 PREEMPT(full) 
[  158.467223][ T6756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  158.467236][ T6756] Call Trace:
[  158.467245][ T6756]  <TASK>
[  158.467254][ T6756]  dump_stack_lvl+0x189/0x250
[  158.467286][ T6756]  ? __pfx____ratelimit+0x10/0x10
[  158.467318][ T6756]  ? __pfx_dump_stack_lvl+0x10/0x10
[  158.467345][ T6756]  ? __pfx__printk+0x10/0x10
[  158.467379][ T6756]  ? __might_fault+0xb0/0x130
[  158.467417][ T6756]  should_fail_ex+0x414/0x560
[  158.467455][ T6756]  _copy_from_user+0x2d/0xb0
[  158.467485][ T6756]  move_addr_to_kernel+0x7e/0x160
[  158.467519][ T6756]  get_compat_msghdr+0x3bd/0x4a0
[  158.467552][ T6756]  ? __pfx_get_compat_msghdr+0x10/0x10
[  158.467592][ T6756]  ___sys_sendmsg+0x193/0x2a0
[  158.467622][ T6756]  ? __pfx____sys_sendmsg+0x10/0x10
[  158.467690][ T6756]  ? __fget_files+0x2a/0x420
[  158.467708][ T6756]  ? __fget_files+0x3a0/0x420
[  158.467739][ T6756]  __sys_sendmsg+0x164/0x220
[  158.467768][ T6756]  ? __pfx___sys_sendmsg+0x10/0x10
[  158.467813][ T6756]  ? lockdep_hardirqs_on+0x9c/0x150
[  158.467867][ T6756]  __do_fast_syscall_32+0xb6/0x2b0
[  158.467894][ T6756]  ? lockdep_hardirqs_on+0x9c/0x150
[  158.467921][ T6756]  do_fast_syscall_32+0x34/0x80
[  158.467946][ T6756]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  158.467972][ T6756] RIP: 0023:0xf700e539
[  158.467991][ T6756] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  158.468010][ T6756] RSP: 002b:00000000f53fe55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  158.468032][ T6756] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  158.468047][ T6756] RDX: 0000000004004000 RSI: 0000000000000000 RDI: 0000000000000000
[  158.468060][ T6756] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  158.468072][ T6756] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  158.468084][ T6756] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  158.468115][ T6756]  </TASK>
[  158.693581][    C1] vkms_vblank_simulate: vblank timer overrun
[  158.730709][ T6757] input: syz0 as /devices/virtual/input/input13
[  158.760116][  T979] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  158.948704][  T979] usb 4-1: Using ep0 maxpacket: 16
[  158.990262][  T979] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  159.048868][  T979] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.101742][  T979] usb 4-1: Product: syz
[  159.119342][  T979] usb 4-1: Manufacturer: syz
[  159.157201][  T979] usb 4-1: SerialNumber: syz
[  159.169031][  T979] r8152-cfgselector 4-1: Unknown version 0x0000
[  159.195742][  T979] r8152-cfgselector 4-1: config 0 descriptor??
[  159.321685][    T9] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  159.373015][  T979] hub 4-1:0.0: bad descriptor, ignoring hub
[  159.456485][  T979] hub 4-1:0.0: probe with driver hub failed with error -5
[  159.593817][    T9] usb 5-1: Using ep0 maxpacket: 16
[  159.631057][ T6769] netlink: 4 bytes leftover after parsing attributes in process `syz.0.242'.
[  159.650451][ T6769] netlink: 'syz.0.242': attribute type 10 has an invalid length.
[  159.776021][    T9] usb 5-1: config 0 has an invalid interface number: 251 but max is 0
[  159.776947][ T6771] netlink: 'syz.1.244': attribute type 21 has an invalid length.
[  159.810818][ T6749] netlink: 20 bytes leftover after parsing attributes in process `syz.3.235'.
[  159.829490][ T6769] hsr_slave_0: left promiscuous mode
[  159.835122][    T9] usb 5-1: config 0 has no interface number 0
[  159.850293][ T6769] hsr_slave_1: left promiscuous mode
[  159.932427][ T6771] netlink: 132 bytes leftover after parsing attributes in process `syz.1.244'.
[  159.989281][    T9] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  160.016532][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.041111][    T9] usb 5-1: Product: syz
[  160.045463][    T9] usb 5-1: Manufacturer: syz
[  160.081782][    T9] usb 5-1: SerialNumber: syz
[  160.114907][    T9] usb 5-1: config 0 descriptor??
[  160.193266][    T9] asix 5-1:0.251: probe with driver asix failed with error -22
[  160.468286][  T979] r8152-cfgselector 4-1: Unknown version 0x0000
[  160.484887][  T979] r8152-cfgselector 4-1: bad CDC descriptors
[  160.821249][  T979] r8152-cfgselector 4-1: USB disconnect, device number 10
[  160.858875][ T6781] FAULT_INJECTION: forcing a failure.
[  160.858875][ T6781] name failslab, interval 1, probability 0, space 0, times 0
[  160.871911][ T6781] CPU: 0 UID: 0 PID: 6781 Comm: syz.1.246 Not tainted syzkaller #0 PREEMPT(full) 
[  160.871932][ T6781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  160.871941][ T6781] Call Trace:
[  160.871947][ T6781]  <TASK>
[  160.871954][ T6781]  dump_stack_lvl+0x189/0x250
[  160.871977][ T6781]  ? __pfx____ratelimit+0x10/0x10
[  160.871994][ T6781]  ? __pfx_dump_stack_lvl+0x10/0x10
[  160.872013][ T6781]  ? __pfx__printk+0x10/0x10
[  160.872032][ T6781]  ? __local_bh_enable_ip+0x12d/0x1c0
[  160.872054][ T6781]  ? rcu_is_watching+0x15/0xb0
[  160.872071][ T6781]  should_fail_ex+0x414/0x560
[  160.872099][ T6781]  should_failslab+0xa8/0x100
[  160.872123][ T6781]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  160.872145][ T6781]  ? __alloc_skb+0x112/0x2d0
[  160.872166][ T6781]  __alloc_skb+0x112/0x2d0
[  160.872185][ T6781]  tcp_send_active_reset+0x8c/0x6d0
[  160.872210][ T6781]  tcp_disconnect+0x171/0x1c60
[  160.872224][ T6781]  ? __pfx_reuseport_migrate_sock+0x10/0x10
[  160.872246][ T6781]  inet_child_forget+0x70/0x290
[  160.872269][ T6781]  ? inet_csk_listen_stop+0x15c/0xac0
[  160.872289][ T6781]  inet_csk_listen_stop+0x436/0xac0
[  160.872309][ T6781]  ? __local_bh_enable_ip+0x12d/0x1c0
[  160.872335][ T6781]  mptcp_check_listen_stop+0x1c6/0x2b0
[  160.872360][ T6781]  __mptcp_close+0xf6/0xa10
[  160.872380][ T6781]  ? __local_bh_enable_ip+0x12d/0x1c0
[  160.872398][ T6781]  ? do_raw_spin_unlock+0x122/0x240
[  160.872421][ T6781]  mptcp_close+0x28/0x1a0
[  160.872437][ T6781]  inet_release+0x144/0x190
[  160.872461][ T6781]  sock_close+0xc0/0x240
[  160.872483][ T6781]  ? __pfx_sock_close+0x10/0x10
[  160.872504][ T6781]  __fput+0x449/0xa70
[  160.872529][ T6781]  task_work_run+0x1d4/0x260
[  160.872552][ T6781]  ? __pfx_task_work_run+0x10/0x10
[  160.872575][ T6781]  ? exit_to_user_mode_loop+0x40/0x110
[  160.872600][ T6781]  exit_to_user_mode_loop+0xec/0x110
[  160.872621][ T6781]  __do_fast_syscall_32+0x1f4/0x2b0
[  160.872640][ T6781]  ? lockdep_hardirqs_on+0x9c/0x150
[  160.872659][ T6781]  do_fast_syscall_32+0x34/0x80
[  160.872676][ T6781]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  160.872694][ T6781] RIP: 0023:0xf7f66539
[  160.872707][ T6781] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  160.872720][ T6781] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 000000000000014a
[  160.872737][ T6781] RAX: 0000000000000003 RBX: 0000000000000005 RCX: 0000000000000003
[  160.872745][ T6781] RDX: 0000000000080000 RSI: 0000000000000000 RDI: 0000000000000000
[  160.872754][ T6781] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  160.872763][ T6781] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  160.872771][ T6781] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  160.872799][ T6781]  </TASK>
[  162.208008][ T6796] hub 1-0:1.0: USB hub found
[  162.247717][ T6796] hub 1-0:1.0: 1 port detected
[  162.463848][ T6798] FAULT_INJECTION: forcing a failure.
[  162.463848][ T6798] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  162.525836][ T6798] CPU: 0 UID: 0 PID: 6798 Comm: syz.3.252 Not tainted syzkaller #0 PREEMPT(full) 
[  162.525873][ T6798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  162.525886][ T6798] Call Trace:
[  162.525895][ T6798]  <TASK>
[  162.525905][ T6798]  dump_stack_lvl+0x189/0x250
[  162.525936][ T6798]  ? __pfx____ratelimit+0x10/0x10
[  162.525960][ T6798]  ? __pfx_dump_stack_lvl+0x10/0x10
[  162.525986][ T6798]  ? __pfx__printk+0x10/0x10
[  162.526017][ T6798]  ? __might_fault+0xb0/0x130
[  162.526060][ T6798]  should_fail_ex+0x414/0x560
[  162.526099][ T6798]  _copy_from_user+0x2d/0xb0
[  162.526129][ T6798]  sctp_setsockopt+0x19f/0x1200
[  162.526156][ T6798]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  162.526181][ T6798]  do_sock_setsockopt+0x17c/0x1b0
[  162.526226][ T6798]  __ia32_sys_setsockopt+0x13f/0x1b0
[  162.526260][ T6798]  __do_fast_syscall_32+0xb6/0x2b0
[  162.526287][ T6798]  ? lockdep_hardirqs_on+0x9c/0x150
[  162.526319][ T6798]  do_fast_syscall_32+0x34/0x80
[  162.526344][ T6798]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  162.526369][ T6798] RIP: 0023:0xf7f66539
[  162.526387][ T6798] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  162.526405][ T6798] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[  162.526426][ T6798] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000084
[  162.526440][ T6798] RDX: 0000000000000009 RSI: 00000000800001c0 RDI: 000000000000009c
[  162.526454][ T6798] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  162.526465][ T6798] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  162.526487][ T6798] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  162.526518][ T6798]  </TASK>
[  162.783080][    T9] usb 5-1: USB disconnect, device number 13
[  163.257286][   T44] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  163.463445][   T44] usb 5-1: config 0 has no interfaces?
[  163.476614][   T44] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  163.495071][   T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.536747][   T44] usb 5-1: config 0 descriptor??
[  163.812326][ T6806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  163.821225][ T6806] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  164.029224][    T9] usb 5-1: USB disconnect, device number 14
[  164.896670][   T44] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  165.075130][   T44] usb 5-1: Using ep0 maxpacket: 16
[  165.092707][   T44] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  165.110041][   T44] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  165.137774][   T44] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[  165.164524][   T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.182779][   T44] usb 5-1: Product: syz
[  165.191024][   T44] usb 5-1: Manufacturer: syz
[  165.195865][   T44] usb 5-1: SerialNumber: syz
[  165.404464][ T6836] input: syz0 as /devices/virtual/input/input14
[  165.677731][   T44] usb 5-1: 0:2 : does not exist
[  166.137357][   T44] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  166.400267][   T44] usb 5-1: USB disconnect, device number 15
[  166.533978][ T6414] udevd[6414]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such device
[  167.011552][ T6855] tipc: Started in network mode
[  167.036708][ T6855] tipc: Node identity ff010000000000000000000000000001, cluster identity 4711
[  167.065534][ T6855] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  167.739446][ T6871] xt_cluster: you have exceeded the maximum number of cluster nodes (37482740 > 32)
[  168.023184][ T6874] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  168.688392][ T6877] FAULT_INJECTION: forcing a failure.
[  168.688392][ T6877] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  168.712048][ T6877] CPU: 1 UID: 0 PID: 6877 Comm: syz.2.277 Not tainted syzkaller #0 PREEMPT(full) 
[  168.712078][ T6877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  168.712092][ T6877] Call Trace:
[  168.712100][ T6877]  <TASK>
[  168.712107][ T6877]  dump_stack_lvl+0x189/0x250
[  168.712131][ T6877]  ? __pfx____ratelimit+0x10/0x10
[  168.712157][ T6877]  ? __pfx_dump_stack_lvl+0x10/0x10
[  168.712174][ T6877]  ? __pfx__printk+0x10/0x10
[  168.712196][ T6877]  ? __might_fault+0xb0/0x130
[  168.712226][ T6877]  should_fail_ex+0x414/0x560
[  168.712253][ T6877]  _copy_from_user+0x2d/0xb0
[  168.712275][ T6877]  get_compat_msghdr+0xad/0x4a0
[  168.712298][ T6877]  ? __pfx_get_compat_msghdr+0x10/0x10
[  168.712325][ T6877]  ___sys_sendmsg+0x193/0x2a0
[  168.712348][ T6877]  ? __pfx____sys_sendmsg+0x10/0x10
[  168.712394][ T6877]  ? __fget_files+0x2a/0x420
[  168.712406][ T6877]  ? __fget_files+0x3a0/0x420
[  168.712428][ T6877]  __sys_sendmsg+0x164/0x220
[  168.712449][ T6877]  ? __pfx___sys_sendmsg+0x10/0x10
[  168.712480][ T6877]  ? lockdep_hardirqs_on+0x9c/0x150
[  168.712499][ T6877]  __do_fast_syscall_32+0xb6/0x2b0
[  168.712518][ T6877]  ? lockdep_hardirqs_on+0x9c/0x150
[  168.712537][ T6877]  do_fast_syscall_32+0x34/0x80
[  168.712555][ T6877]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  168.712574][ T6877] RIP: 0023:0xf700e539
[  168.712587][ T6877] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  168.712599][ T6877] RSP: 002b:00000000f53fe55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  168.712615][ T6877] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000100
[  168.712625][ T6877] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  168.712634][ T6877] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  168.712642][ T6877] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  168.712651][ T6877] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  168.712671][ T6877]  </TASK>
[  168.918526][    C1] vkms_vblank_simulate: vblank timer overrun
[  169.356547][ T6881] netlink: 20 bytes leftover after parsing attributes in process `syz.0.279'.
[  169.786601][ T6887] program syz.4.283 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  170.283506][ T6899] FAULT_INJECTION: forcing a failure.
[  170.283506][ T6899] name failslab, interval 1, probability 0, space 0, times 0
[  170.323296][ T6897] input: syz0 as /devices/virtual/input/input15
[  170.350423][ T6899] CPU: 1 UID: 0 PID: 6899 Comm: syz.1.286 Not tainted syzkaller #0 PREEMPT(full) 
[  170.350451][ T6899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  170.350464][ T6899] Call Trace:
[  170.350472][ T6899]  <TASK>
[  170.350481][ T6899]  dump_stack_lvl+0x189/0x250
[  170.350510][ T6899]  ? __pfx____ratelimit+0x10/0x10
[  170.350532][ T6899]  ? __pfx_dump_stack_lvl+0x10/0x10
[  170.350556][ T6899]  ? __pfx__printk+0x10/0x10
[  170.350589][ T6899]  ? __pfx___might_resched+0x10/0x10
[  170.350605][ T6899]  ? fs_reclaim_acquire+0x7d/0x100
[  170.350628][ T6899]  should_fail_ex+0x414/0x560
[  170.350663][ T6899]  should_failslab+0xa8/0x100
[  170.350695][ T6899]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  170.350724][ T6899]  ? __alloc_skb+0x112/0x2d0
[  170.350743][ T6899]  ? pppol2tp_sock_to_session+0x4be/0x550
[  170.350775][ T6899]  __alloc_skb+0x112/0x2d0
[  170.350800][ T6899]  sock_wmalloc+0xb2/0x130
[  170.350829][ T6899]  pppol2tp_sendmsg+0x183/0x5f0
[  170.350853][ T6899]  ? __import_iovec+0x40e/0x7f0
[  170.350883][ T6899]  ? __pfx_pppol2tp_sendmsg+0x10/0x10
[  170.350910][ T6899]  __sock_sendmsg+0x219/0x270
[  170.350943][ T6899]  ____sys_sendmsg+0x52d/0x830
[  170.350981][ T6899]  ? __pfx_____sys_sendmsg+0x10/0x10
[  170.351022][ T6899]  ___sys_sendmsg+0x21f/0x2a0
[  170.351049][ T6899]  ? __pfx____sys_sendmsg+0x10/0x10
[  170.351108][ T6899]  ? __fget_files+0x2a/0x420
[  170.351124][ T6899]  ? __fget_files+0x3a0/0x420
[  170.351151][ T6899]  __sys_sendmmsg+0x28e/0x430
[  170.351182][ T6899]  ? __pfx___sys_sendmmsg+0x10/0x10
[  170.351216][ T6899]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  170.351258][ T6899]  ? ksys_write+0x22a/0x250
[  170.351297][ T6899]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[  170.351327][ T6899]  __do_fast_syscall_32+0xb6/0x2b0
[  170.351355][ T6899]  ? lockdep_hardirqs_on+0x9c/0x150
[  170.351382][ T6899]  do_fast_syscall_32+0x34/0x80
[  170.351412][ T6899]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  170.351437][ T6899] RIP: 0023:0xf7f66539
[  170.351456][ T6899] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  170.351474][ T6899] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[  170.351496][ T6899] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080004380
[  170.351511][ T6899] RDX: 0000000000034000 RSI: 0000000000000000 RDI: 0000000000000000
[  170.351524][ T6899] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  170.351536][ T6899] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  170.351547][ T6899] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  170.351577][ T6899]  </TASK>
[  170.619256][    C1] vkms_vblank_simulate: vblank timer overrun
[  170.936429][ T5931] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  170.970138][ T6901] FAULT_INJECTION: forcing a failure.
[  170.970138][ T6901] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  171.088700][ T5931] usb 3-1: config 0 has no interfaces?
[  171.097983][ T5931] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  171.107611][ T5931] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.115684][ T5931] usb 3-1: Product: syz
[  171.122492][ T5931] usb 3-1: Manufacturer: syz
[  171.129894][ T6901] CPU: 0 UID: 0 PID: 6901 Comm: syz.0.282 Not tainted syzkaller #0 PREEMPT(full) 
[  171.129923][ T6901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  171.129937][ T6901] Call Trace:
[  171.129944][ T6901]  <TASK>
[  171.129954][ T6901]  dump_stack_lvl+0x189/0x250
[  171.129985][ T6901]  ? __pfx____ratelimit+0x10/0x10
[  171.130009][ T6901]  ? __pfx_dump_stack_lvl+0x10/0x10
[  171.130035][ T6901]  ? __pfx__printk+0x10/0x10
[  171.130079][ T6901]  should_fail_ex+0x414/0x560
[  171.130117][ T6901]  _copy_to_user+0x31/0xb0
[  171.130152][ T6901]  __se_sys_mincore+0x485/0x5c0
[  171.130182][ T6901]  __do_fast_syscall_32+0xb6/0x2b0
[  171.130208][ T6901]  ? lockdep_hardirqs_on+0x9c/0x150
[  171.130236][ T6901]  do_fast_syscall_32+0x34/0x80
[  171.130262][ T6901]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  171.130288][ T6901] RIP: 0023:0xf70ee539
[  171.130307][ T6901] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  171.130325][ T6901] RSP: 002b:00000000f549c55c EFLAGS: 00000206 ORIG_RAX: 00000000000000da
[  171.130349][ T6901] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000800000
[  171.130364][ T6901] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  171.130376][ T6901] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  171.130388][ T6901] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  171.130400][ T6901] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  171.130430][ T6901]  </TASK>
[  171.130489][ T5931] usb 3-1: SerialNumber: syz
[  171.237034][    C1] vkms_vblank_simulate: vblank timer overrun
[  171.475147][ T6903] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.483020][ T6903] bridge0: port 1(bridge_slave_0) entered disabled state
[  171.620953][ T5931] usb 3-1: config 0 descriptor??
[  172.266140][ T6903] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  172.285593][ T6903] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  172.431061][ T6929] FAULT_INJECTION: forcing a failure.
[  172.431061][ T6929] name failslab, interval 1, probability 0, space 0, times 0
[  172.453722][ T6929] CPU: 1 UID: 0 PID: 6929 Comm: syz.0.290 Not tainted syzkaller #0 PREEMPT(full) 
[  172.453746][ T6929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  172.453756][ T6929] Call Trace:
[  172.453762][ T6929]  <TASK>
[  172.453769][ T6929]  dump_stack_lvl+0x189/0x250
[  172.453792][ T6929]  ? __pfx____ratelimit+0x10/0x10
[  172.453809][ T6929]  ? __pfx_dump_stack_lvl+0x10/0x10
[  172.453827][ T6929]  ? __pfx__printk+0x10/0x10
[  172.453853][ T6929]  ? __pfx___might_resched+0x10/0x10
[  172.453871][ T6929]  should_fail_ex+0x414/0x560
[  172.453898][ T6929]  should_failslab+0xa8/0x100
[  172.453923][ T6929]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  172.453945][ T6929]  ? __alloc_skb+0x112/0x2d0
[  172.453965][ T6929]  __alloc_skb+0x112/0x2d0
[  172.453985][ T6929]  netlink_sendmsg+0x5c6/0xb30
[  172.454010][ T6929]  ? __pfx_netlink_sendmsg+0x10/0x10
[  172.454029][ T6929]  ? __import_iovec+0x5d4/0x7f0
[  172.454047][ T6929]  ? aa_sock_msg_perm+0xf1/0x1d0
[  172.454064][ T6929]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  172.454081][ T6929]  ? __pfx_netlink_sendmsg+0x10/0x10
[  172.454098][ T6929]  __sock_sendmsg+0x219/0x270
[  172.454124][ T6929]  ____sys_sendmsg+0x505/0x830
[  172.454148][ T6929]  ? __pfx_____sys_sendmsg+0x10/0x10
[  172.454179][ T6929]  ___sys_sendmsg+0x21f/0x2a0
[  172.454200][ T6929]  ? __pfx____sys_sendmsg+0x10/0x10
[  172.454265][ T6929]  ? __fget_files+0x2a/0x420
[  172.454285][ T6929]  ? __fget_files+0x3a0/0x420
[  172.454318][ T6929]  __sys_sendmsg+0x164/0x220
[  172.454340][ T6929]  ? __pfx___sys_sendmsg+0x10/0x10
[  172.454371][ T6929]  ? lockdep_hardirqs_on+0x9c/0x150
[  172.454390][ T6929]  __do_fast_syscall_32+0xb6/0x2b0
[  172.454409][ T6929]  ? lockdep_hardirqs_on+0x9c/0x150
[  172.454427][ T6929]  do_fast_syscall_32+0x34/0x80
[  172.454445][ T6929]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  172.454464][ T6929] RIP: 0023:0xf70ee539
[  172.454477][ T6929] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  172.454498][ T6929] RSP: 002b:00000000f54de55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  172.454513][ T6929] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[  172.454524][ T6929] RDX: 0000000008000002 RSI: 0000000000000000 RDI: 0000000000000000
[  172.454533][ T6929] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  172.454542][ T6929] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  172.454550][ T6929] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  172.454571][ T6929]  </TASK>
[  172.708449][    C1] vkms_vblank_simulate: vblank timer overrun
[  173.037164][ T5931] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  173.214895][ T5931] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[  173.225404][ T5931] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  173.247879][ T5931] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  173.274624][ T5931] usb 4-1: config 220 has no interface number 2
[  173.299724][ T5931] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  173.316600][ T5931] usb 4-1: config 220 interface 0 has no altsetting 0
[  173.374014][ T5931] usb 4-1: config 220 interface 76 has no altsetting 0
[  173.384033][ T5931] usb 4-1: config 220 interface 1 has no altsetting 0
[  173.422290][ T5931] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  173.436402][ T5931] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.473425][   T78] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  173.526594][ T5931] usb 4-1: Product: syz
[  173.530891][ T5931] usb 4-1: Manufacturer: syz
[  173.535655][ T5931] usb 4-1: SerialNumber: syz
[  173.547463][ T1340] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  173.622706][ T1340] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  173.670558][  T979] usb 3-1: USB disconnect, device number 11
[  173.695335][ T1340] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  173.935992][ T5931] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[  173.947957][ T5931] usb 4-1: No valid video chain found.
[  173.964821][ T6952] netlink: 4 bytes leftover after parsing attributes in process `syz.1.292'.
[  174.052694][ T6953] netlink: 'syz.1.292': attribute type 10 has an invalid length.
[  174.233322][ T5931] usb 4-1: selecting invalid altsetting 0
[  174.340945][ T5931] usb 4-1: selecting invalid altsetting 0
[  174.368605][ T5931] usbtest 4-1:220.1: probe with driver usbtest failed with error -22
[  174.376559][ T6953] hsr_slave_0: left promiscuous mode
[  174.387697][ T5931] usb 4-1: USB disconnect, device number 11
[  174.575755][ T6953] hsr_slave_1: left promiscuous mode
[  175.038002][ T6964] input: syz0 as /devices/virtual/input/input16
[  175.102172][ T6964] netlink: 'syz.2.299': attribute type 21 has an invalid length.
[  175.440710][ T6971] binder: BINDER_SET_CONTEXT_MGR already set
[  175.458492][ T6971] binder: 6969:6971 ioctl 4018620d 80000680 returned -16
[  177.298444][ T6992] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.306432][ T6992] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.745055][ T7013] loop6: detected capacity change from 0 to 63
[  177.759019][ T7013] Buffer I/O error on dev loop6, logical block 0, async page read
[  177.772097][ T7013] Buffer I/O error on dev loop6, logical block 0, async page read
[  177.782284][ T7013] Buffer I/O error on dev loop6, logical block 0, async page read
[  177.791236][ T7013] Buffer I/O error on dev loop6, logical block 0, async page read
[  177.812816][ T7013] Buffer I/O error on dev loop6, logical block 0, async page read
[  177.822018][ T7013] Buffer I/O error on dev loop6, logical block 0, async page read
[  177.830934][ T7013] Buffer I/O error on dev loop6, logical block 0, async page read
[  177.839333][ T7013] Buffer I/O error on dev loop6, logical block 0, async page read
[  177.847756][ T7013] Buffer I/O error on dev loop6, logical block 0, async page read
[  177.856116][ T7013] Buffer I/O error on dev loop6, logical block 0, async page read
[  178.431643][ T7016] input: syz0 as /devices/virtual/input/input17
[  178.451275][ T7012] netlink: 'syz.2.312': attribute type 21 has an invalid length.
[  178.460203][ T6992] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  178.633491][ T6992] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  179.513359][ T7027] netlink: 4 bytes leftover after parsing attributes in process `syz.4.315'.
[  179.622100][ T6992] bridge1: left promiscuous mode
[  179.632964][ T7028] netlink: 'syz.4.315': attribute type 10 has an invalid length.
[  179.711889][   T78] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  179.759233][   T78] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  179.914643][ T7028] hsr_slave_0: left promiscuous mode
[  179.922972][ T7028] hsr_slave_1: left promiscuous mode
[  179.961549][   T78] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  180.017320][   T78] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  180.419305][ T7035] FAULT_INJECTION: forcing a failure.
[  180.419305][ T7035] name failslab, interval 1, probability 0, space 0, times 0
[  180.456671][ T7035] CPU: 0 UID: 0 PID: 7035 Comm: syz.0.318 Not tainted syzkaller #0 PREEMPT(full) 
[  180.456700][ T7035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  180.456711][ T7035] Call Trace:
[  180.456718][ T7035]  <TASK>
[  180.456726][ T7035]  dump_stack_lvl+0x189/0x250
[  180.456752][ T7035]  ? __pfx____ratelimit+0x10/0x10
[  180.456776][ T7035]  ? __pfx_dump_stack_lvl+0x10/0x10
[  180.456802][ T7035]  ? __pfx__printk+0x10/0x10
[  180.456837][ T7035]  ? __pfx___might_resched+0x10/0x10
[  180.456863][ T7035]  should_fail_ex+0x414/0x560
[  180.456900][ T7035]  should_failslab+0xa8/0x100
[  180.456933][ T7035]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  180.456973][ T7035]  ? __alloc_skb+0x112/0x2d0
[  180.457002][ T7035]  __alloc_skb+0x112/0x2d0
[  180.457031][ T7035]  netlink_sendmsg+0x5c6/0xb30
[  180.457065][ T7035]  ? __pfx_netlink_sendmsg+0x10/0x10
[  180.457092][ T7035]  ? __import_iovec+0x5d4/0x7f0
[  180.457119][ T7035]  ? aa_sock_msg_perm+0xf1/0x1d0
[  180.457143][ T7035]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  180.457167][ T7035]  ? __pfx_netlink_sendmsg+0x10/0x10
[  180.457207][ T7035]  __sock_sendmsg+0x219/0x270
[  180.457245][ T7035]  ____sys_sendmsg+0x505/0x830
[  180.457279][ T7035]  ? __pfx_____sys_sendmsg+0x10/0x10
[  180.457326][ T7035]  ___sys_sendmsg+0x21f/0x2a0
[  180.457356][ T7035]  ? __pfx____sys_sendmsg+0x10/0x10
[  180.457424][ T7035]  ? __fget_files+0x2a/0x420
[  180.457443][ T7035]  ? __fget_files+0x3a0/0x420
[  180.457474][ T7035]  __sys_sendmsg+0x164/0x220
[  180.457504][ T7035]  ? __pfx___sys_sendmsg+0x10/0x10
[  180.457551][ T7035]  ? lockdep_hardirqs_on+0x9c/0x150
[  180.457578][ T7035]  __do_fast_syscall_32+0xb6/0x2b0
[  180.457604][ T7035]  ? lockdep_hardirqs_on+0x9c/0x150
[  180.457632][ T7035]  do_fast_syscall_32+0x34/0x80
[  180.457657][ T7035]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  180.457684][ T7035] RIP: 0023:0xf70ee539
[  180.457703][ T7035] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  180.457723][ T7035] RSP: 002b:00000000f54de55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  180.457745][ T7035] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001080
[  180.457760][ T7035] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[  180.457773][ T7035] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  180.457785][ T7035] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  180.457797][ T7035] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  180.457828][ T7035]  </TASK>
[  181.286606][  T979] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  182.396420][  T979] usb 4-1: Using ep0 maxpacket: 8
[  182.405120][  T979] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  182.436480][  T979] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  182.446196][  T979] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  182.511110][  T979] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024
[  182.545918][  T979] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  182.557138][  T979] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  182.566229][  T979] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.597324][  T979] usb 4-1: config 0 descriptor??
[  182.606614][ T7050] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  182.710892][ T7074] netlink: 'syz.4.331': attribute type 3 has an invalid length.
[  182.727966][ T7068] bond1: entered promiscuous mode
[  182.733833][ T7068] bond1: entered allmulticast mode
[  182.739446][ T6935] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  182.746497][ T7074] netlink: 48 bytes leftover after parsing attributes in process `syz.4.331'.
[  182.769924][ T7068] 8021q: adding VLAN 0 to HW filter on device bond1
[  182.921914][ T6935] usb 1-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  182.947546][ T6935] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.970132][ T6935] usb 1-1: Product: syz
[  182.980275][ T6935] usb 1-1: Manufacturer: syz
[  182.990435][ T6935] usb 1-1: SerialNumber: syz
[  183.008212][ T6935] usb 1-1: config 0 descriptor??
[  183.041258][ T6935] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  183.054205][ T7050] netlink: 'syz.3.322': attribute type 8 has an invalid length.
[  183.099201][ T6936] usb 4-1: USB disconnect, device number 12
[  183.099613][ T5875] Bluetooth: hci5: Opcode 0x0c03 failed: -71
[  183.112619][ T6935] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  183.156755][ T5931] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  183.223637][ T6935] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  183.242952][ T6935] usb 1-1: media controller created
[  183.306090][ T6935] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  183.366746][ T7067] dvb-usb: bulk message failed: -22 (7/0)
[  183.372360][ T5931] usb 3-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  183.421655][ T5931] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.449963][  T979] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  183.486492][ T6935] DVB: Unable to find symbol mt352_attach()
[  183.492720][ T5931] usb 3-1: Product: syz
[  183.501986][ T5931] usb 3-1: Manufacturer: syz
[  183.508940][ T5931] usb 3-1: SerialNumber: syz
[  183.527022][ T5931] usb 3-1: config 0 descriptor??
[  183.544028][ T5931] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  183.579940][ T5931] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  183.611872][  T979] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  183.612992][ T6935] DVB: Unable to find symbol nxt6000_attach()
[  183.628089][  T979] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.637110][  T979] usb 2-1: Product: syz
[  183.641403][  T979] usb 2-1: Manufacturer: syz
[  183.646204][  T979] usb 2-1: SerialNumber: syz
[  183.652766][ T5931] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  183.677124][  T979] usb 2-1: config 0 descriptor??
[  183.698556][  T979] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  183.707807][ T5931] usb 3-1: media controller created
[  183.713165][ T6935] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  183.750128][ T7076] dvb-usb: bulk message failed: -22 (7/0)
[  183.758036][ T6935] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input18
[  183.793288][  T979] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  183.812303][ T6935] dvb-usb: schedule remote query interval to 1000 msecs.
[  183.825206][ T5931] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  183.855046][ T6935] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  183.895694][ T6935] dvb-usb: bulk message failed: -22 (7/0)
[  183.907502][ T7082] FAULT_INJECTION: forcing a failure.
[  183.907502][ T7082] name failslab, interval 1, probability 0, space 0, times 0
[  183.945795][  T979] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  183.945975][ T6935] dvb-usb: bulk message failed: -22 (7/0)
[  183.976473][  T979] usb 2-1: media controller created
[  183.996706][ T7082] CPU: 1 UID: 0 PID: 7082 Comm: syz.1.335 Not tainted syzkaller #0 PREEMPT(full) 
[  183.996740][ T7082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  183.996755][ T7082] Call Trace:
[  183.996764][ T7082]  <TASK>
[  183.996774][ T7082]  dump_stack_lvl+0x189/0x250
[  183.996806][ T7082]  ? __pfx____ratelimit+0x10/0x10
[  183.996831][ T7082]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.996858][ T7082]  ? __pfx__printk+0x10/0x10
[  183.996898][ T7082]  ? __pfx___might_resched+0x10/0x10
[  183.996920][ T7082]  ? fs_reclaim_acquire+0x7d/0x100
[  183.996947][ T7082]  should_fail_ex+0x414/0x560
[  183.996988][ T7082]  should_failslab+0xa8/0x100
[  183.997024][ T7082]  __kmalloc_noprof+0xcb/0x4f0
[  183.997054][ T7082]  ? tomoyo_encode+0x28b/0x550
[  183.997083][ T7082]  tomoyo_encode+0x28b/0x550
[  183.997119][ T7082]  tomoyo_realpath_from_path+0x58d/0x5d0
[  183.997157][ T7082]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  183.997191][ T7082]  tomoyo_path_number_perm+0x1e8/0x5a0
[  183.997228][ T7082]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  183.997282][ T7082]  ? __lock_acquire+0xab9/0xd20
[  183.997341][ T7082]  ? __fget_files+0x2a/0x420
[  183.997367][ T7082]  ? __fget_files+0x3a0/0x420
[  183.997385][ T7082]  ? __fget_files+0x2a/0x420
[  183.997410][ T7082]  security_file_ioctl_compat+0xcb/0x2d0
[  183.997447][ T7082]  __ia32_compat_sys_ioctl+0x128/0x840
[  183.997481][ T7082]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  183.997510][ T7082]  ? __fget_files+0x3a0/0x420
[  183.997539][ T7082]  ? fput+0xa0/0xd0
[  183.997573][ T7082]  ? ksys_write+0x22a/0x250
[  183.997615][ T7082]  ? lockdep_hardirqs_on+0x9c/0x150
[  183.997643][ T7082]  __do_fast_syscall_32+0xb6/0x2b0
[  183.997670][ T7082]  ? lockdep_hardirqs_on+0x9c/0x150
[  183.997699][ T7082]  do_fast_syscall_32+0x34/0x80
[  183.997726][ T7082]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  183.997753][ T7082] RIP: 0023:0xf7f66539
[  183.997772][ T7082] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  183.997791][ T7082] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  183.997815][ T7082] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000707
[  183.997830][ T7082] RDX: 0000000080000240 RSI: 0000000000000000 RDI: 0000000000000000
[  183.997843][ T7082] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  183.997856][ T7082] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  183.997869][ T7082] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  183.997901][ T7082]  </TASK>
[  184.274012][  T979] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  184.303994][ T7082] ERROR: Out of memory at tomoyo_realpath_from_path.
[  184.311365][ T7082] dvb-usb: bulk message failed: -22 (7/0)
[  184.368765][ T6935] usb 1-1: USB disconnect, device number 9
[  184.415645][    T9] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  184.419504][ T5931] DVB: Unable to find symbol mt352_attach()
[  184.504404][ T6935] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  184.592520][  T979] DVB: Unable to find symbol mt352_attach()
[  184.601337][    T9] usb 4-1: Using ep0 maxpacket: 8
[  184.636180][    T9] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  184.676512][    T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  184.700908][ T5931] DVB: Unable to find symbol nxt6000_attach()
[  184.708784][    T9] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  184.727310][ T5931] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  184.755771][    T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  184.763126][ T5931] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input19
[  184.791312][    T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  184.812135][ T7100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.339'.
[  184.839339][ T7100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.339'.
[  184.849178][  T979] DVB: Unable to find symbol nxt6000_attach()
[  184.861158][  T979] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  184.861319][ T5931] dvb-usb: schedule remote query interval to 1000 msecs.
[  184.873004][    T9] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  184.890731][  T979] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input20
[  184.907682][    T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  184.922983][    T9] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  184.942917][ T5931] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  184.943625][ T7100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.339'.
[  184.968794][    T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  184.983515][ T7100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.339'.
[  184.994572][  T979] dvb-usb: schedule remote query interval to 1000 msecs.
[  185.004069][  T979] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  185.019410][    T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  185.019563][ T5931] dvb-usb: bulk message failed: -22 (7/0)
[  185.040712][  T979] dvb-usb: bulk message failed: -22 (7/0)
[  185.061398][ T5931] dvb-usb: bulk message failed: -22 (7/0)
[  185.062082][ T7100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.339'.
[  185.081174][  T979] dvb-usb: bulk message failed: -22 (7/0)
[  185.091335][    T9] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  185.107303][    T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  185.126640][ T7100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.339'.
[  185.136296][  T979] usb 2-1: USB disconnect, device number 9
[  185.153848][    T9] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  185.154028][ T5931] usb 3-1: USB disconnect, device number 12
[  185.211112][ T7100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.339'.
[  185.255963][    T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  185.291253][ T7100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.339'.
[  185.349438][    T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  185.373254][  T979] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  185.417533][    T9] usb 4-1: string descriptor 0 read error: -22
[  185.423891][    T9] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  185.462643][ T7100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.339'.
[  185.480384][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.519492][ T7100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.339'.
[  185.555112][    T9] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  185.588455][ T5931] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  185.670033][ T7100] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  185.765419][ T7087] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  185.816296][ T7087] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  185.955952][ T7111] bridge0: port 2(bridge_slave_1) entered disabled state
[  185.963891][ T7111] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.252071][ T7111] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  186.268590][    T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  186.278028][ T7111] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  186.510761][    T9] usb 2-1: Using ep0 maxpacket: 16
[  186.542639][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  186.553812][   T78] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  186.586518][   T13] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  186.596678][    T9] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  186.616480][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  186.665042][    T9] usb 2-1: config 0 descriptor??
[  186.712243][   T13] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  186.728811][   T13] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  186.755989][ T5931] usb 4-1: USB disconnect, device number 13
[  186.802985][ T7130] input: syz0 as /devices/virtual/input/input21
[  186.820081][ T7130] netlink: 'syz.0.345': attribute type 21 has an invalid length.
[  186.896748][  T979] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  186.932720][ T7134] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  187.066503][  T979] usb 5-1: Using ep0 maxpacket: 8
[  187.074315][  T979] usb 5-1: unable to get BOS descriptor or descriptor too short
[  187.084155][  T979] usb 5-1: config 12 has an invalid descriptor of length 0, skipping remainder of the config
[  187.100057][  T979] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5
[  187.109334][  T979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.117709][  T979] usb 5-1: Product: syz
[  187.125127][  T979] usb 5-1: Manufacturer: syz
[  187.140422][  T979] usb 5-1: SerialNumber: syz
[  187.145371][    T9] mcp2221 0003:04D8:00DD.0002: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  187.373827][ T7124] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  187.389469][ T7124] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  187.410333][ T7124] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  187.422700][ T7124] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  187.471152][  T979] usb 5-1: USB disconnect, device number 16
[  187.937961][ T7141] veth0_to_bond: entered allmulticast mode
[  188.419906][ T7150] FAULT_INJECTION: forcing a failure.
[  188.419906][ T7150] name failslab, interval 1, probability 0, space 0, times 0
[  188.472531][ T7150] CPU: 1 UID: 0 PID: 7150 Comm: syz.4.352 Not tainted syzkaller #0 PREEMPT(full) 
[  188.472563][ T7150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  188.472577][ T7150] Call Trace:
[  188.472587][ T7150]  <TASK>
[  188.472596][ T7150]  dump_stack_lvl+0x189/0x250
[  188.472629][ T7150]  ? __pfx____ratelimit+0x10/0x10
[  188.472653][ T7150]  ? __pfx_dump_stack_lvl+0x10/0x10
[  188.472679][ T7150]  ? __pfx__printk+0x10/0x10
[  188.472717][ T7150]  ? __pfx___might_resched+0x10/0x10
[  188.472744][ T7150]  should_fail_ex+0x414/0x560
[  188.472793][ T7150]  should_failslab+0xa8/0x100
[  188.472827][ T7150]  __kmalloc_noprof+0xcb/0x4f0
[  188.472857][ T7150]  ? io_cache_alloc_new+0x40/0x100
[  188.472889][ T7150]  io_cache_alloc_new+0x40/0x100
[  188.472917][ T7150]  io_msg_alloc_async+0x1b2/0x2d0
[  188.472946][ T7150]  io_recvmsg_prep+0x7f5/0x10d0
[  188.472973][ T7150]  ? percpu_ref_get_many+0x21/0x1e0
[  188.473015][ T7150]  ? __pfx_io_recvmsg_prep+0x10/0x10
[  188.473040][ T7150]  ? __pfx___io_alloc_req_refill+0x10/0x10
[  188.473064][ T7150]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  188.473099][ T7150]  ? io_task_refs_refill+0xbb/0x180
[  188.473131][ T7150]  io_submit_sqes+0x917/0x1d30
[  188.473200][ T7150]  __se_sys_io_uring_enter+0x2df/0x2b20
[  188.473254][ T7150]  ? ksys_write+0x1cb/0x250
[  188.473289][ T7150]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  188.473319][ T7150]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  188.473344][ T7150]  ? __pfx_vfs_write+0x10/0x10
[  188.473375][ T7150]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  188.473405][ T7150]  ? __fget_files+0x3a0/0x420
[  188.473433][ T7150]  ? fput+0xa0/0xd0
[  188.473455][ T7150]  ? ksys_write+0x22a/0x250
[  188.473495][ T7150]  ? __ia32_sys_io_uring_enter+0x21/0xf0
[  188.473532][ T7150]  __do_fast_syscall_32+0xb6/0x2b0
[  188.473564][ T7150]  ? lockdep_hardirqs_on+0x9c/0x150
[  188.473593][ T7150]  do_fast_syscall_32+0x34/0x80
[  188.473619][ T7150]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  188.473645][ T7150] RIP: 0023:0xf7f23539
[  188.473663][ T7150] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  188.473681][ T7150] RSP: 002b:00000000f541655c EFLAGS: 00000206 ORIG_RAX: 00000000000001aa
[  188.473705][ T7150] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000000047f6
[  188.473720][ T7150] RDX: 000000000000b277 RSI: 0000000000000000 RDI: 0000000000000000
[  188.473732][ T7150] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  188.473744][ T7150] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  188.473763][ T7150] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  188.473795][ T7150]  </TASK>
[  189.165213][ T5931] usb 2-1: USB disconnect, device number 10
[  190.040346][ T7177] input: syz0 as /devices/virtual/input/input22
[  190.062408][ T7177] netlink: 'syz.2.360': attribute type 21 has an invalid length.
[  190.595572][ T6915] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  190.768369][ T6915] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  190.817013][ T6915] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  190.836613][ T6915] usb 5-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00
[  190.856173][ T6915] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.912932][ T6915] usb 5-1: config 0 descriptor??
[  190.945460][ T6915] usbhid 5-1:0.0: can't add hid device: -22
[  190.965227][ T6915] usbhid 5-1:0.0: probe with driver usbhid failed with error -22
[  191.056417][ T5931] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  191.218944][ T5931] usb 3-1: Using ep0 maxpacket: 8
[  191.288740][ T5931] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  191.288772][ T5931] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  191.288822][ T5931] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  191.288848][ T5931] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.539638][ T7203] FAULT_INJECTION: forcing a failure.
[  191.539638][ T7203] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  191.553942][ T7203] CPU: 1 UID: 0 PID: 7203 Comm: syz.0.366 Not tainted syzkaller #0 PREEMPT(full) 
[  191.553972][ T7203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  191.553986][ T7203] Call Trace:
[  191.553994][ T7203]  <TASK>
[  191.554004][ T7203]  dump_stack_lvl+0x189/0x250
[  191.554037][ T7203]  ? __pfx____ratelimit+0x10/0x10
[  191.554063][ T7203]  ? __pfx_dump_stack_lvl+0x10/0x10
[  191.554089][ T7203]  ? __pfx__printk+0x10/0x10
[  191.554122][ T7203]  ? __might_fault+0xb0/0x130
[  191.554166][ T7203]  should_fail_ex+0x414/0x560
[  191.554223][ T7203]  _copy_to_iter+0x404/0x1790
[  191.554264][ T7203]  ? bpf_map_show_fdinfo+0x23b/0x390
[  191.554287][ T7203]  ? __pfx__copy_to_iter+0x10/0x10
[  191.554316][ T7203]  ? fput+0xa0/0xd0
[  191.554337][ T7203]  ? __pfx_bpf_map_show_fdinfo+0x10/0x10
[  191.554359][ T7203]  ? seq_show+0x5cb/0x730
[  191.554396][ T7203]  seq_read_iter+0xbeb/0xe10
[  191.554447][ T7203]  seq_read+0x369/0x480
[  191.554485][ T7203]  ? __pfx_seq_read+0x10/0x10
[  191.554535][ T7203]  ? rw_verify_area+0x2a6/0x4d0
[  191.554562][ T7203]  ? __lock_acquire+0xab9/0xd20
[  191.554593][ T7203]  ? __pfx_seq_read+0x10/0x10
[  191.554622][ T7203]  vfs_read+0x200/0xa30
[  191.554649][ T7203]  ? fdget_pos+0x247/0x320
[  191.554674][ T7203]  ? __pfx___mutex_lock+0x10/0x10
[  191.554701][ T7203]  ? __pfx_vfs_read+0x10/0x10
[  191.554732][ T7203]  ? __fget_files+0x2a/0x420
[  191.554757][ T7203]  ? __fget_files+0x3a0/0x420
[  191.554775][ T7203]  ? __fget_files+0x2a/0x420
[  191.554805][ T7203]  ksys_read+0x145/0x250
[  191.554838][ T7203]  ? __pfx_ksys_read+0x10/0x10
[  191.554872][ T7203]  ? lockdep_hardirqs_on+0x9c/0x150
[  191.554901][ T7203]  __do_fast_syscall_32+0xb6/0x2b0
[  191.554929][ T7203]  ? lockdep_hardirqs_on+0x9c/0x150
[  191.554957][ T7203]  do_fast_syscall_32+0x34/0x80
[  191.554984][ T7203]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  191.555010][ T7203] RIP: 0023:0xf70ee539
[  191.555029][ T7203] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  191.555049][ T7203] RSP: 002b:00000000f549c55c EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  191.555072][ T7203] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080001680
[  191.555088][ T7203] RDX: 0000000000002020 RSI: 0000000000000000 RDI: 0000000000000000
[  191.555100][ T7203] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  191.555113][ T7203] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  191.555125][ T7203] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  191.555158][ T7203]  </TASK>
[  191.878214][ T7205] FAULT_INJECTION: forcing a failure.
[  191.878214][ T7205] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  191.891708][ T7205] CPU: 1 UID: 0 PID: 7205 Comm: syz.3.368 Not tainted syzkaller #0 PREEMPT(full) 
[  191.891748][ T7205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  191.891762][ T7205] Call Trace:
[  191.891770][ T7205]  <TASK>
[  191.891779][ T7205]  dump_stack_lvl+0x189/0x250
[  191.891811][ T7205]  ? __pfx____ratelimit+0x10/0x10
[  191.891835][ T7205]  ? __pfx_dump_stack_lvl+0x10/0x10
[  191.891862][ T7205]  ? __pfx__printk+0x10/0x10
[  191.891892][ T7205]  ? __might_fault+0xb0/0x130
[  191.891935][ T7205]  should_fail_ex+0x414/0x560
[  191.891973][ T7205]  _copy_from_user+0x2d/0xb0
[  191.892003][ T7205]  __keyctl_dh_compute+0x16a/0xca0
[  191.892039][ T7205]  ? __pfx___keyctl_dh_compute+0x10/0x10
[  191.892064][ T7205]  ? __lock_acquire+0xab9/0xd20
[  191.892108][ T7205]  ? __might_fault+0xb0/0x130
[  191.892154][ T7205]  ? compat_keyctl_dh_compute+0x157/0x1d0
[  191.892183][ T7205]  compat_keyctl_dh_compute+0x16e/0x1d0
[  191.892210][ T7205]  ? __pfx_compat_keyctl_dh_compute+0x10/0x10
[  191.892242][ T7205]  ? ksys_write+0x22a/0x250
[  191.892283][ T7205]  ? __ia32_compat_sys_keyctl+0x3f6/0x630
[  191.892309][ T7205]  __do_fast_syscall_32+0xb6/0x2b0
[  191.892336][ T7205]  ? lockdep_hardirqs_on+0x9c/0x150
[  191.892363][ T7205]  do_fast_syscall_32+0x34/0x80
[  191.892389][ T7205]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  191.892414][ T7205] RIP: 0023:0xf7f66539
[  191.892434][ T7205] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  191.892453][ T7205] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000120
[  191.892475][ T7205] RAX: ffffffffffffffda RBX: 0000000000000017 RCX: 0000000080000100
[  191.892491][ T7205] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000080000180
[  191.892504][ T7205] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  191.892516][ T7205] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  191.892528][ T7205] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  191.892559][ T7205]  </TASK>
[  191.988113][ T7193] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  192.212968][ T7193] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  192.310576][ T6915] usb 5-1: USB disconnect, device number 17
[  192.404418][ T7193] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  192.416453][ T7193] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  192.579032][ T6915] usb 3-1: USB disconnect, device number 13
[  192.707259][ T7218] FAULT_INJECTION: forcing a failure.
[  192.707259][ T7218] name failslab, interval 1, probability 0, space 0, times 0
[  192.744146][ T7218] CPU: 1 UID: 0 PID: 7218 Comm: syz.3.372 Not tainted syzkaller #0 PREEMPT(full) 
[  192.744200][ T7218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  192.744214][ T7218] Call Trace:
[  192.744223][ T7218]  <TASK>
[  192.744232][ T7218]  dump_stack_lvl+0x189/0x250
[  192.744263][ T7218]  ? __pfx____ratelimit+0x10/0x10
[  192.744287][ T7218]  ? __pfx_dump_stack_lvl+0x10/0x10
[  192.744322][ T7218]  ? __pfx__printk+0x10/0x10
[  192.744360][ T7218]  ? __pfx___might_resched+0x10/0x10
[  192.744387][ T7218]  should_fail_ex+0x414/0x560
[  192.744425][ T7218]  should_failslab+0xa8/0x100
[  192.744461][ T7218]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  192.744493][ T7218]  ? __alloc_skb+0x112/0x2d0
[  192.744522][ T7218]  __alloc_skb+0x112/0x2d0
[  192.744551][ T7218]  netlink_sendmsg+0x5c6/0xb30
[  192.744587][ T7218]  ? __pfx_netlink_sendmsg+0x10/0x10
[  192.744615][ T7218]  ? __import_iovec+0x5d4/0x7f0
[  192.744642][ T7218]  ? aa_sock_msg_perm+0xf1/0x1d0
[  192.744666][ T7218]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  192.744691][ T7218]  ? __pfx_netlink_sendmsg+0x10/0x10
[  192.744716][ T7218]  __sock_sendmsg+0x219/0x270
[  192.744755][ T7218]  ____sys_sendmsg+0x505/0x830
[  192.744790][ T7218]  ? __pfx_____sys_sendmsg+0x10/0x10
[  192.744852][ T7218]  ___sys_sendmsg+0x21f/0x2a0
[  192.744883][ T7218]  ? __pfx____sys_sendmsg+0x10/0x10
[  192.744955][ T7218]  ? __fget_files+0x2a/0x420
[  192.744974][ T7218]  ? __fget_files+0x3a0/0x420
[  192.745005][ T7218]  __sys_sendmsg+0x164/0x220
[  192.745036][ T7218]  ? __pfx___sys_sendmsg+0x10/0x10
[  192.745082][ T7218]  ? lockdep_hardirqs_on+0x9c/0x150
[  192.745109][ T7218]  __do_fast_syscall_32+0xb6/0x2b0
[  192.745136][ T7218]  ? lockdep_hardirqs_on+0x9c/0x150
[  192.745164][ T7218]  do_fast_syscall_32+0x34/0x80
[  192.745190][ T7218]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  192.745217][ T7218] RIP: 0023:0xf7f66539
[  192.745235][ T7218] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  192.745254][ T7218] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  192.745276][ T7218] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  192.745292][ T7218] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  192.745304][ T7218] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  192.745323][ T7218] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  192.745336][ T7218] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  192.745368][ T7218]  </TASK>
[  193.039884][ T7222] input: syz0 as /devices/virtual/input/input23
[  193.052104][ T7222] netlink: 'syz.1.374': attribute type 21 has an invalid length.
[  195.561094][ T7275] FAULT_INJECTION: forcing a failure.
[  195.561094][ T7275] name failslab, interval 1, probability 0, space 0, times 0
[  195.574795][ T7275] CPU: 0 UID: 0 PID: 7275 Comm: syz.1.390 Not tainted syzkaller #0 PREEMPT(full) 
[  195.574825][ T7275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  195.574839][ T7275] Call Trace:
[  195.574847][ T7275]  <TASK>
[  195.574856][ T7275]  dump_stack_lvl+0x189/0x250
[  195.574888][ T7275]  ? __pfx____ratelimit+0x10/0x10
[  195.574912][ T7275]  ? __pfx_dump_stack_lvl+0x10/0x10
[  195.574939][ T7275]  ? __pfx__printk+0x10/0x10
[  195.574966][ T7275]  ? percpu_ref_get_many+0x19/0x140
[  195.575006][ T7275]  ? look_up_lock_class+0x74/0x170
[  195.575038][ T7275]  should_fail_ex+0x414/0x560
[  195.575157][ T7275]  should_failslab+0xa8/0x100
[  195.575194][ T7275]  __kmalloc_noprof+0xcb/0x4f0
[  195.575223][ T7275]  ? io_alloc_ocqe+0x6f/0x550
[  195.575250][ T7275]  io_alloc_ocqe+0x6f/0x550
[  195.575268][ T7275]  ? io_cqe_cache_refill+0x1a8/0x240
[  195.575307][ T7275]  io_cqe_overflow_locked+0x26/0x40
[  195.575334][ T7275]  __io_submit_flush_completions+0x248/0xe40
[  195.575368][ T7275]  ? io_issue_sqe+0x5bf/0xfd0
[  195.575409][ T7275]  io_submit_sqes+0x18ee/0x1d30
[  195.575478][ T7275]  __se_sys_io_uring_enter+0x2df/0x2b20
[  195.575533][ T7275]  ? ksys_write+0x1cb/0x250
[  195.575568][ T7275]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  195.575599][ T7275]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  195.575625][ T7275]  ? __pfx_vfs_write+0x10/0x10
[  195.575658][ T7275]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  195.575689][ T7275]  ? __fget_files+0x3a0/0x420
[  195.575717][ T7275]  ? fput+0xa0/0xd0
[  195.575739][ T7275]  ? ksys_write+0x22a/0x250
[  195.575778][ T7275]  ? __ia32_sys_io_uring_enter+0x21/0xf0
[  195.575816][ T7275]  __do_fast_syscall_32+0xb6/0x2b0
[  195.575844][ T7275]  ? lockdep_hardirqs_on+0x9c/0x150
[  195.575872][ T7275]  do_fast_syscall_32+0x34/0x80
[  195.575898][ T7275]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  195.575925][ T7275] RIP: 0023:0xf7f66539
[  195.575943][ T7275] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  195.575962][ T7275] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 00000000000001aa
[  195.575986][ T7275] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000002d3e
[  195.576001][ T7275] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  195.576013][ T7275] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  195.576026][ T7275] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  195.576039][ T7275] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  195.576071][ T7275]  </TASK>
[  196.033456][ T7277] netlink: 'syz.2.392': attribute type 21 has an invalid length.
[  196.465251][ T7292] FAULT_INJECTION: forcing a failure.
[  196.465251][ T7292] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  196.480676][ T7292] CPU: 0 UID: 0 PID: 7292 Comm: syz.4.395 Not tainted syzkaller #0 PREEMPT(full) 
[  196.480705][ T7292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  196.480718][ T7292] Call Trace:
[  196.480726][ T7292]  <TASK>
[  196.480735][ T7292]  dump_stack_lvl+0x189/0x250
[  196.480767][ T7292]  ? __pfx____ratelimit+0x10/0x10
[  196.480791][ T7292]  ? __pfx_dump_stack_lvl+0x10/0x10
[  196.480818][ T7292]  ? __pfx__printk+0x10/0x10
[  196.480862][ T7292]  should_fail_ex+0x414/0x560
[  196.480899][ T7292]  _copy_to_user+0x31/0xb0
[  196.480932][ T7292]  simple_read_from_buffer+0xe1/0x170
[  196.480979][ T7292]  proc_fail_nth_read+0x1b3/0x220
[  196.481008][ T7292]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  196.481037][ T7292]  ? rw_verify_area+0x2a6/0x4d0
[  196.481063][ T7292]  ? __lock_acquire+0xab9/0xd20
[  196.481093][ T7292]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  196.481120][ T7292]  vfs_read+0x200/0xa30
[  196.481147][ T7292]  ? fdget_pos+0x247/0x320
[  196.481171][ T7292]  ? __pfx___mutex_lock+0x10/0x10
[  196.481197][ T7292]  ? __pfx_vfs_read+0x10/0x10
[  196.481228][ T7292]  ? __fget_files+0x2a/0x420
[  196.481251][ T7292]  ? __fget_files+0x3a0/0x420
[  196.481269][ T7292]  ? __fget_files+0x2a/0x420
[  196.481298][ T7292]  ksys_read+0x145/0x250
[  196.481330][ T7292]  ? __pfx_ksys_read+0x10/0x10
[  196.481364][ T7292]  ? lockdep_hardirqs_on+0x9c/0x150
[  196.481391][ T7292]  __do_fast_syscall_32+0xb6/0x2b0
[  196.481418][ T7292]  ? lockdep_hardirqs_on+0x9c/0x150
[  196.481446][ T7292]  do_fast_syscall_32+0x34/0x80
[  196.481472][ T7292]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  196.481498][ T7292] RIP: 0023:0xf7f23539
[  196.481516][ T7292] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  196.481533][ T7292] RSP: 002b:00000000f5416590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  196.481555][ T7292] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f5416620
[  196.481570][ T7292] RDX: 000000000000000f RSI: 00000000f73b5ff4 RDI: 0000000000000000
[  196.481582][ T7292] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  196.481594][ T7292] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  196.481607][ T7292] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  196.481637][ T7292]  </TASK>
[  196.636655][ T6935] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  196.909336][ T6935] usb 3-1: Using ep0 maxpacket: 32
[  196.924214][ T6935] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  196.940155][ T6935] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  196.962030][ T6935] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  196.975515][ T6935] usb 3-1: Product: syz
[  196.981153][ T6935] usb 3-1: Manufacturer: syz
[  197.018808][ T6935] usb 3-1: SerialNumber: syz
[  197.045812][ T6935] usb 3-1: config 0 descriptor??
[  197.089824][ T7287] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  197.118820][ T6935] hub 3-1:0.0: bad descriptor, ignoring hub
[  197.141574][ T6935] hub 3-1:0.0: probe with driver hub failed with error -5
[  197.257355][ T7303] FAULT_INJECTION: forcing a failure.
[  197.257355][ T7303] name failslab, interval 1, probability 0, space 0, times 0
[  197.273666][ T7303] CPU: 1 UID: 0 PID: 7303 Comm: syz.1.400 Not tainted syzkaller #0 PREEMPT(full) 
[  197.273694][ T7303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  197.273709][ T7303] Call Trace:
[  197.273717][ T7303]  <TASK>
[  197.273726][ T7303]  dump_stack_lvl+0x189/0x250
[  197.273757][ T7303]  ? __pfx____ratelimit+0x10/0x10
[  197.273780][ T7303]  ? __pfx_dump_stack_lvl+0x10/0x10
[  197.273804][ T7303]  ? __pfx__printk+0x10/0x10
[  197.273859][ T7303]  ? __pfx___might_resched+0x10/0x10
[  197.273885][ T7303]  should_fail_ex+0x414/0x560
[  197.273922][ T7303]  should_failslab+0xa8/0x100
[  197.273956][ T7303]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  197.273987][ T7303]  ? __alloc_skb+0x112/0x2d0
[  197.274014][ T7303]  __alloc_skb+0x112/0x2d0
[  197.274042][ T7303]  netlink_sendmsg+0x5c6/0xb30
[  197.274074][ T7303]  ? __pfx_netlink_sendmsg+0x10/0x10
[  197.274102][ T7303]  ? __import_iovec+0x5d4/0x7f0
[  197.274128][ T7303]  ? aa_sock_msg_perm+0xf1/0x1d0
[  197.274153][ T7303]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  197.274178][ T7303]  ? __pfx_netlink_sendmsg+0x10/0x10
[  197.274202][ T7303]  __sock_sendmsg+0x219/0x270
[  197.274240][ T7303]  ____sys_sendmsg+0x505/0x830
[  197.274278][ T7303]  ? __pfx_____sys_sendmsg+0x10/0x10
[  197.274324][ T7303]  ___sys_sendmsg+0x21f/0x2a0
[  197.274353][ T7303]  ? __pfx____sys_sendmsg+0x10/0x10
[  197.274412][ T7303]  ? __fget_files+0x2a/0x420
[  197.274429][ T7303]  ? __fget_files+0x3a0/0x420
[  197.274460][ T7303]  __sys_sendmsg+0x164/0x220
[  197.274491][ T7303]  ? __pfx___sys_sendmsg+0x10/0x10
[  197.274537][ T7303]  ? lockdep_hardirqs_on+0x9c/0x150
[  197.274565][ T7303]  __do_fast_syscall_32+0xb6/0x2b0
[  197.274592][ T7303]  ? lockdep_hardirqs_on+0x9c/0x150
[  197.274620][ T7303]  do_fast_syscall_32+0x34/0x80
[  197.274646][ T7303]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  197.274672][ T7303] RIP: 0023:0xf7f66539
[  197.274692][ T7303] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  197.274711][ T7303] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  197.274734][ T7303] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080001200
[  197.274749][ T7303] RDX: 0000000004000080 RSI: 0000000000000000 RDI: 0000000000000000
[  197.274762][ T7303] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  197.274774][ T7303] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  197.274787][ T7303] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  197.274818][ T7303]  </TASK>
[  197.929719][ T6935] usb 3-1: USB disconnect, device number 14
[  198.046106][ T7310] __nla_validate_parse: 8 callbacks suppressed
[  198.046128][ T7310] netlink: 4 bytes leftover after parsing attributes in process `syz.1.403'.
[  198.075994][ T7310] netlink: 4 bytes leftover after parsing attributes in process `syz.1.403'.
[  198.111810][ T7310] FAULT_INJECTION: forcing a failure.
[  198.111810][ T7310] name failslab, interval 1, probability 0, space 0, times 0
[  198.134654][ T7310] CPU: 0 UID: 0 PID: 7310 Comm: syz.1.403 Not tainted syzkaller #0 PREEMPT(full) 
[  198.134685][ T7310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  198.134698][ T7310] Call Trace:
[  198.134707][ T7310]  <TASK>
[  198.134717][ T7310]  dump_stack_lvl+0x189/0x250
[  198.134748][ T7310]  ? __pfx____ratelimit+0x10/0x10
[  198.134772][ T7310]  ? __pfx_dump_stack_lvl+0x10/0x10
[  198.134798][ T7310]  ? __pfx__printk+0x10/0x10
[  198.134846][ T7310]  ? __pfx___might_resched+0x10/0x10
[  198.134872][ T7310]  should_fail_ex+0x414/0x560
[  198.134910][ T7310]  should_failslab+0xa8/0x100
[  198.134945][ T7310]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  198.134976][ T7310]  ? __alloc_skb+0x112/0x2d0
[  198.135005][ T7310]  __alloc_skb+0x112/0x2d0
[  198.135034][ T7310]  netlink_sendmsg+0x5c6/0xb30
[  198.135068][ T7310]  ? __pfx_netlink_sendmsg+0x10/0x10
[  198.135094][ T7310]  ? __import_iovec+0x5d4/0x7f0
[  198.135120][ T7310]  ? aa_sock_msg_perm+0xf1/0x1d0
[  198.135144][ T7310]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  198.135168][ T7310]  ? __pfx_netlink_sendmsg+0x10/0x10
[  198.135193][ T7310]  __sock_sendmsg+0x219/0x270
[  198.135230][ T7310]  ____sys_sendmsg+0x505/0x830
[  198.135264][ T7310]  ? __pfx_____sys_sendmsg+0x10/0x10
[  198.135316][ T7310]  ___sys_sendmsg+0x21f/0x2a0
[  198.135346][ T7310]  ? __pfx____sys_sendmsg+0x10/0x10
[  198.135421][ T7310]  ? __fget_files+0x2a/0x420
[  198.135440][ T7310]  ? __fget_files+0x3a0/0x420
[  198.135472][ T7310]  __sys_sendmsg+0x164/0x220
[  198.135502][ T7310]  ? __pfx___sys_sendmsg+0x10/0x10
[  198.135547][ T7310]  ? lockdep_hardirqs_on+0x9c/0x150
[  198.135576][ T7310]  __do_fast_syscall_32+0xb6/0x2b0
[  198.135602][ T7310]  ? lockdep_hardirqs_on+0x9c/0x150
[  198.135630][ T7310]  do_fast_syscall_32+0x34/0x80
[  198.135656][ T7310]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  198.135681][ T7310] RIP: 0023:0xf7f66539
[  198.135700][ T7310] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  198.135718][ T7310] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  198.135740][ T7310] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000180
[  198.135755][ T7310] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  198.135768][ T7310] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  198.135780][ T7310] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  198.135792][ T7310] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  198.135827][ T7310]  </TASK>
[  198.493523][ T6937] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  198.636661][  T979] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  198.675442][ T7304] pim6reg: entered allmulticast mode
[  198.681970][ T6937] usb 1-1: Using ep0 maxpacket: 16
[  198.689107][   T30] audit: type=1326 audit(1759166272.880:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7300 comm="syz.4.399" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000
[  198.729546][   T30] audit: type=1326 audit(1759166272.880:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7300 comm="syz.4.399" exe="/root/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf7f23539 code=0x7ffc0000
[  198.759436][   T30] audit: type=1326 audit(1759166272.880:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7300 comm="syz.4.399" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000
[  198.782107][ T6937] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  198.786490][  T979] usb 3-1: device descriptor read/64, error -71
[  198.797834][ T6937] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  198.802928][ T7300] pim6reg: left allmulticast mode
[  198.809993][   T30] audit: type=1326 audit(1759166272.880:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7300 comm="syz.4.399" exe="/root/syz-executor" sig=0 arch=40000003 syscall=219 compat=1 ip=0xf7f23539 code=0x7ffc0000
[  198.810050][   T30] audit: type=1326 audit(1759166272.880:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7300 comm="syz.4.399" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000
[  198.810099][   T30] audit: type=1326 audit(1759166272.880:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7300 comm="syz.4.399" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f23539 code=0x7ffc0000
[  198.810142][   T30] audit: type=1326 audit(1759166272.880:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7300 comm="syz.4.399" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000
[  198.912144][ T6937] usb 1-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  198.921626][ T6937] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.937368][ T6937] usb 1-1: config 0 descriptor??
[  198.957260][ T7319] netlink: 'syz.3.404': attribute type 21 has an invalid length.
[  199.020060][   T30] audit: type=1326 audit(1759166272.880:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7300 comm="syz.4.399" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f23539 code=0x7ffc0000
[  199.046521][  T979] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  199.104711][   T30] audit: type=1326 audit(1759166272.880:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7300 comm="syz.4.399" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23539 code=0x7ffc0000
[  199.154994][   T30] audit: type=1326 audit(1759166272.880:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7300 comm="syz.4.399" exe="/root/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf7f23539 code=0x7ffc0000
[  199.196596][  T979] usb 3-1: device descriptor read/64, error -71
[  199.386362][  T979] usb usb3-port1: attempt power cycle
[  199.480682][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  199.488010][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  199.911678][ T6937] usbhid 1-1:0.0: can't add hid device: -71
[  199.918710][ T6937] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  199.966657][ T6937] usb 1-1: USB disconnect, device number 10
[  200.090251][ T7336] binder: BINDER_SET_CONTEXT_MGR already set
[  200.105930][ T7336] binder: 7330:7336 ioctl 4018620d 80000680 returned -16
[  200.859379][ T6935] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  200.994174][ T7358] netlink: 36 bytes leftover after parsing attributes in process `syz.0.417'.
[  201.096558][ T6937] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  201.116459][ T6935] usb 4-1: Using ep0 maxpacket: 8
[  201.132439][ T6935] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  201.162973][ T6935] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  201.184244][ T6935] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  201.202477][ T6935] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  201.241628][ T6935] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  201.283419][ T6937] usb 2-1: Using ep0 maxpacket: 8
[  201.290770][ T7361] overlayfs: missing 'lowerdir'
[  201.299636][ T6937] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  201.316976][ T6937] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  201.346753][ T6935] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.381421][ T6937] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  201.429858][ T6937] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.852664][ T7369] netlink: 'syz.4.419': attribute type 21 has an invalid length.
[  201.936492][ T6935] usb 4-1: GET_CAPABILITIES returned 0
[  201.956917][ T6935] usbtmc 4-1:16.0: can't read capabilities
[  202.038692][ T7353] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  202.067404][ T7353] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  202.162388][ T7353] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  202.195247][ T7353] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  202.213308][ T6935] usb 4-1: USB disconnect, device number 14
[  202.378222][ T6937] usb 2-1: USB disconnect, device number 11
[  202.764531][ T7378] FAULT_INJECTION: forcing a failure.
[  202.764531][ T7378] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  202.828949][ T7378] CPU: 0 UID: 0 PID: 7378 Comm: syz.4.421 Not tainted syzkaller #0 PREEMPT(full) 
[  202.828980][ T7378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  202.828995][ T7378] Call Trace:
[  202.829004][ T7378]  <TASK>
[  202.829014][ T7378]  dump_stack_lvl+0x189/0x250
[  202.829045][ T7378]  ? __pfx____ratelimit+0x10/0x10
[  202.829068][ T7378]  ? __pfx_dump_stack_lvl+0x10/0x10
[  202.829094][ T7378]  ? __pfx__printk+0x10/0x10
[  202.829140][ T7378]  should_fail_ex+0x414/0x560
[  202.829180][ T7378]  _copy_to_user+0x31/0xb0
[  202.829212][ T7378]  simple_read_from_buffer+0xe1/0x170
[  202.829250][ T7378]  proc_fail_nth_read+0x1b3/0x220
[  202.829279][ T7378]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  202.829308][ T7378]  ? rw_verify_area+0x2a6/0x4d0
[  202.829340][ T7378]  ? __lock_acquire+0xab9/0xd20
[  202.829371][ T7378]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  202.829398][ T7378]  vfs_read+0x200/0xa30
[  202.829426][ T7378]  ? fdget_pos+0x247/0x320
[  202.829451][ T7378]  ? __pfx___mutex_lock+0x10/0x10
[  202.829477][ T7378]  ? __pfx_vfs_read+0x10/0x10
[  202.829509][ T7378]  ? __fget_files+0x2a/0x420
[  202.829534][ T7378]  ? __fget_files+0x3a0/0x420
[  202.829581][ T7378]  ? __fget_files+0x2a/0x420
[  202.829611][ T7378]  ksys_read+0x145/0x250
[  202.829643][ T7378]  ? __pfx_ksys_read+0x10/0x10
[  202.829676][ T7378]  ? lockdep_hardirqs_on+0x9c/0x150
[  202.829704][ T7378]  __do_fast_syscall_32+0xb6/0x2b0
[  202.829730][ T7378]  ? lockdep_hardirqs_on+0x9c/0x150
[  202.829759][ T7378]  do_fast_syscall_32+0x34/0x80
[  202.829784][ T7378]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  202.829811][ T7378] RIP: 0023:0xf7f23539
[  202.829830][ T7378] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  202.829849][ T7378] RSP: 002b:00000000f5416590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  202.829872][ T7378] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5416620
[  202.829886][ T7378] RDX: 000000000000000f RSI: 00000000f73b5ff4 RDI: 0000000000000000
[  202.829899][ T7378] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  202.829911][ T7378] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  202.829924][ T7378] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  202.829956][ T7378]  </TASK>
[  203.071851][    C0] vkms_vblank_simulate: vblank timer overrun
[  203.754108][ T7380] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.762154][ T7380] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.954030][ T7382] binder: BINDER_SET_CONTEXT_MGR already set
[  204.010405][ T7382] binder: 7381:7382 ioctl 4018620d 80000680 returned -16
[  204.552222][ T7380] veth0_to_bond: left allmulticast mode
[  204.665969][ T7380] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  204.722019][ T7380] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  204.815720][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  204.815743][   T30] audit: type=1326 audit(1759166279.020:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.0.428" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  204.882664][ T7404] netlink: 4 bytes leftover after parsing attributes in process `syz.3.429'.
[  204.909284][   T30] audit: type=1326 audit(1759166279.060:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.0.428" exe="/root/syz-executor" sig=0 arch=40000003 syscall=168 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  205.067634][   T30] audit: type=1326 audit(1759166279.280:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.0.428" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  205.175576][   T30] audit: type=1326 audit(1759166279.300:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.0.428" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  205.376756][ T5947] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  205.387597][ T7412] input: syz0 as /devices/virtual/input/input27
[  205.399260][ T7412] netlink: 'syz.3.431': attribute type 21 has an invalid length.
[  205.546432][ T5947] usb 5-1: Using ep0 maxpacket: 8
[  205.587324][ T5947] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  205.621499][ T5947] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.647641][ T6291] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  205.668482][ T5947] usb 5-1: Product: syz
[  205.680557][ T5947] usb 5-1: Manufacturer: syz
[  205.688187][ T6291] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  205.697600][ T5947] usb 5-1: SerialNumber: syz
[  205.705339][ T5947] usb 5-1: config 0 descriptor??
[  205.726572][ T6291] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  205.747088][ T6291] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  205.926592][ T5947] gspca_main: sq930x-2.14.0 probing 2770:930c
[  206.012821][ T7423] random: crng reseeded on system resumption
[  206.420633][ T7431] netlink: 4 bytes leftover after parsing attributes in process `syz.0.433'.
[  207.246457][ T5947] gspca_sq930x: ucbus_write failed -110
[  207.506684][ T5947] gspca_sq930x: Sensor ov9630 not yet treated
[  207.519579][ T5947] sq930x 5-1:0.0: probe with driver sq930x failed with error -22
[  207.549609][ T5947] usb 5-1: USB disconnect, device number 18
[  207.658607][ T7438] FAULT_INJECTION: forcing a failure.
[  207.658607][ T7438] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  207.673007][ T7438] CPU: 0 UID: 0 PID: 7438 Comm: syz.3.436 Not tainted syzkaller #0 PREEMPT(full) 
[  207.673041][ T7438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  207.673053][ T7438] Call Trace:
[  207.673059][ T7438]  <TASK>
[  207.673066][ T7438]  dump_stack_lvl+0x189/0x250
[  207.673091][ T7438]  ? __pfx____ratelimit+0x10/0x10
[  207.673109][ T7438]  ? __pfx_dump_stack_lvl+0x10/0x10
[  207.673128][ T7438]  ? __pfx__printk+0x10/0x10
[  207.673151][ T7438]  ? __might_fault+0xb0/0x130
[  207.673182][ T7438]  should_fail_ex+0x414/0x560
[  207.673211][ T7438]  _copy_from_iter+0x1de/0x1790
[  207.673242][ T7438]  ? __pfx__copy_from_iter+0x10/0x10
[  207.673264][ T7438]  ? rcu_is_watching+0x15/0xb0
[  207.673280][ T7438]  ? trace_kmalloc+0x1f/0xd0
[  207.673301][ T7438]  ? kernfs_fop_write_iter+0x158/0x540
[  207.673328][ T7438]  kernfs_fop_write_iter+0x19b/0x540
[  207.673357][ T7438]  vfs_write+0x5c6/0xb30
[  207.673383][ T7438]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  207.673407][ T7438]  ? __pfx_vfs_write+0x10/0x10
[  207.673437][ T7438]  ? __fget_files+0x2a/0x420
[  207.673458][ T7438]  ksys_write+0x145/0x250
[  207.673482][ T7438]  ? __pfx_ksys_write+0x10/0x10
[  207.673506][ T7438]  ? lockdep_hardirqs_on+0x9c/0x150
[  207.673526][ T7438]  __do_fast_syscall_32+0xb6/0x2b0
[  207.673546][ T7438]  ? lockdep_hardirqs_on+0x9c/0x150
[  207.673565][ T7438]  do_fast_syscall_32+0x34/0x80
[  207.673585][ T7438]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  207.673604][ T7438] RIP: 0023:0xf7f66539
[  207.673617][ T7438] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  207.673632][ T7438] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  207.673648][ T7438] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000300
[  207.673659][ T7438] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000000
[  207.673668][ T7438] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  207.673676][ T7438] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  207.673685][ T7438] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  207.673708][ T7438]  </TASK>
[  207.964783][ T7435] netlink: 8 bytes leftover after parsing attributes in process `syz.0.435'.
[  208.218217][ T7447] FAULT_INJECTION: forcing a failure.
[  208.218217][ T7447] name failslab, interval 1, probability 0, space 0, times 0
[  208.238733][ T7447] CPU: 0 UID: 0 PID: 7447 Comm: syz.1.439 Not tainted syzkaller #0 PREEMPT(full) 
[  208.238765][ T7447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  208.238779][ T7447] Call Trace:
[  208.238787][ T7447]  <TASK>
[  208.238797][ T7447]  dump_stack_lvl+0x189/0x250
[  208.238828][ T7447]  ? __pfx____ratelimit+0x10/0x10
[  208.238853][ T7447]  ? __pfx_dump_stack_lvl+0x10/0x10
[  208.238879][ T7447]  ? __pfx__printk+0x10/0x10
[  208.238933][ T7447]  ? __pfx___might_resched+0x10/0x10
[  208.238959][ T7447]  should_fail_ex+0x414/0x560
[  208.238997][ T7447]  should_failslab+0xa8/0x100
[  208.239032][ T7447]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  208.239064][ T7447]  ? __alloc_skb+0x112/0x2d0
[  208.239104][ T7447]  __alloc_skb+0x112/0x2d0
[  208.239132][ T7447]  netlink_sendmsg+0x5c6/0xb30
[  208.239167][ T7447]  ? __pfx_netlink_sendmsg+0x10/0x10
[  208.239194][ T7447]  ? __import_iovec+0x5d4/0x7f0
[  208.239221][ T7447]  ? aa_sock_msg_perm+0xf1/0x1d0
[  208.239245][ T7447]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  208.239268][ T7447]  ? __pfx_netlink_sendmsg+0x10/0x10
[  208.239294][ T7447]  __sock_sendmsg+0x219/0x270
[  208.239351][ T7447]  ____sys_sendmsg+0x505/0x830
[  208.239385][ T7447]  ? __pfx_____sys_sendmsg+0x10/0x10
[  208.239431][ T7447]  ___sys_sendmsg+0x21f/0x2a0
[  208.239462][ T7447]  ? __pfx____sys_sendmsg+0x10/0x10
[  208.239529][ T7447]  ? __fget_files+0x2a/0x420
[  208.239548][ T7447]  ? __fget_files+0x3a0/0x420
[  208.239579][ T7447]  __sys_sendmsg+0x164/0x220
[  208.239609][ T7447]  ? __pfx___sys_sendmsg+0x10/0x10
[  208.239661][ T7447]  ? lockdep_hardirqs_on+0x9c/0x150
[  208.239688][ T7447]  __do_fast_syscall_32+0xb6/0x2b0
[  208.239715][ T7447]  ? lockdep_hardirqs_on+0x9c/0x150
[  208.239741][ T7447]  do_fast_syscall_32+0x34/0x80
[  208.239767][ T7447]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  208.239793][ T7447] RIP: 0023:0xf7f66539
[  208.239811][ T7447] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  208.239830][ T7447] RSP: 002b:00000000f543555c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  208.239853][ T7447] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000400
[  208.239867][ T7447] RDX: 0000000004000000 RSI: 0000000000000000 RDI: 0000000000000000
[  208.239880][ T7447] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  208.239892][ T7447] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  208.239905][ T7447] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  208.239936][ T7447]  </TASK>
[  208.686621][ T7457] input: syz0 as /devices/virtual/input/input28
[  208.703792][ T7457] netlink: 'syz.4.445': attribute type 21 has an invalid length.
[  208.826864][ T6933] usb 3-1: new full-speed USB device number 18 using dummy_hcd
[  208.988956][ T6933] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  208.999305][ T6933] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  209.012920][ T6933] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  209.024153][ T6933] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  209.126856][ T6922] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  209.255139][ T7453] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  209.265655][ T7453] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  209.276441][ T6922] usb 1-1: Using ep0 maxpacket: 8
[  209.284110][ T6933] usb 3-1: usb_control_msg returned -32
[  209.289615][ T6922] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  209.292555][ T6933] usbtmc 3-1:16.0: can't read capabilities
[  209.301581][ T6922] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.314738][ T6922] usb 1-1: Product: syz
[  209.322415][ T6922] usb 1-1: Manufacturer: syz
[  209.322418][ T5947] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  209.335208][ T6922] usb 1-1: SerialNumber: syz
[  209.350789][ T6922] usb 1-1: config 0 descriptor??
[  209.466452][ T5947] usb 2-1: Using ep0 maxpacket: 32
[  209.484422][ T5947] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  209.495100][ T5947] usb 2-1: New USB device found, idVendor=9022, idProduct=d662, bcdDevice=b3.0e
[  209.504605][ T5947] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  209.519201][ T5947] usb 2-1: config 0 descriptor??
[  209.533377][ T5947] dvb-usb: found a 'TeVii S662' in warm state.
[  209.560766][ T5947] dw2102: su3000_power_ctrl: 1, initialized 0
[  209.575257][ T6922] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  209.577467][ T5947] dvb-usb: bulk message failed: -22 (2/0)
[  209.634601][ T5947] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  209.671432][ T5947] dvbdev: DVB: registering new adapter (TeVii S662)
[  209.683394][ T5947] usb 2-1: media controller created
[  209.699119][ T7469] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  209.700081][ T5947] dvb-usb: bulk message failed: -22 (6/0)
[  209.710124][ T7469] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  209.725615][ T5947] dw2102: i2c transfer failed.
[  209.728887][ T7465] FAULT_INJECTION: forcing a failure.
[  209.728887][ T7465] name failslab, interval 1, probability 0, space 0, times 0
[  209.748125][ T7469] netlink: 'syz.2.444': attribute type 1 has an invalid length.
[  209.766503][ T5947] dvb-usb: bulk message failed: -22 (6/0)
[  209.767155][ T7465] CPU: 0 UID: 0 PID: 7465 Comm: syz.1.448 Not tainted syzkaller #0 PREEMPT(full) 
[  209.767186][ T7465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  209.767201][ T7465] Call Trace:
[  209.767215][ T7465]  <TASK>
[  209.767226][ T7465]  dump_stack_lvl+0x189/0x250
[  209.767262][ T7465]  ? __pfx____ratelimit+0x10/0x10
[  209.767290][ T7465]  ? __pfx_dump_stack_lvl+0x10/0x10
[  209.767321][ T7465]  ? __pfx__printk+0x10/0x10
[  209.767360][ T7465]  ? __pfx___might_resched+0x10/0x10
[  209.767385][ T7465]  ? fs_reclaim_acquire+0x7d/0x100
[  209.767414][ T7465]  should_fail_ex+0x414/0x560
[  209.767459][ T7465]  should_failslab+0xa8/0x100
[  209.767499][ T7465]  __kmalloc_noprof+0xcb/0x4f0
[  209.767532][ T7465]  ? tomoyo_encode+0x28b/0x550
[  209.767629][ T7465]  tomoyo_encode+0x28b/0x550
[  209.767662][ T7465]  tomoyo_realpath_from_path+0x58d/0x5d0
[  209.767704][ T7465]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  209.767741][ T7465]  tomoyo_path_number_perm+0x1e8/0x5a0
[  209.767782][ T7465]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  209.767841][ T7465]  ? __lock_acquire+0xab9/0xd20
[  209.767904][ T7465]  ? __fget_files+0x2a/0x420
[  209.767933][ T7465]  ? __fget_files+0x3a0/0x420
[  209.767954][ T7465]  ? __fget_files+0x2a/0x420
[  209.767981][ T7465]  security_file_ioctl_compat+0xcb/0x2d0
[  209.768021][ T7465]  __ia32_compat_sys_ioctl+0x128/0x840
[  209.768060][ T7465]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  209.768093][ T7465]  ? __fget_files+0x3a0/0x420
[  209.768125][ T7465]  ? fput+0xa0/0xd0
[  209.768152][ T7465]  ? ksys_write+0x22a/0x250
[  209.768198][ T7465]  ? lockdep_hardirqs_on+0x9c/0x150
[  209.768228][ T7465]  __do_fast_syscall_32+0xb6/0x2b0
[  209.768267][ T7465]  do_fast_syscall_32+0x34/0x80
[  209.768298][ T7465]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  209.768327][ T7465] RIP: 0023:0xf7f66539
[  209.768348][ T7465] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  209.768371][ T7465] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  209.768396][ T7465] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000720
[  209.768412][ T7465] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000
[  209.768428][ T7465] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  209.768441][ T7465] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  209.768457][ T7465] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  209.768492][ T7465]  </TASK>
[  209.769384][ T7465] ERROR: Out of memory at tomoyo_realpath_from_path.
[  209.772276][ T5947] dw2102: i2c transfer failed.
[  209.772321][ T5947] dvb-usb: bulk message failed: -22 (6/0)
[  209.841083][ T7469] 8021q: adding VLAN 0 to HW filter on device bond1
[  210.063672][ T5947] dw2102: i2c transfer failed.
[  210.083126][ T7465] dvb-usb: bulk message failed: -22 (4/0)
[  210.090424][ T7465] dw2102: i2c transfer failed.
[  210.110725][ T5947] dvb-usb: bulk message failed: -22 (6/0)
[  210.182520][ T5947] dw2102: i2c transfer failed.
[  210.201749][ T7476] random: crng reseeded on system resumption
[  210.248943][ T5947] dvb-usb: bulk message failed: -22 (6/0)
[  210.266828][ T5947] dw2102: i2c transfer failed.
[  210.278935][ T5947] dvb-usb: bulk message failed: -22 (6/0)
[  210.290110][ T5947] dw2102: i2c transfer failed.
[  210.305058][ T5947] dvb-usb: MAC address: 02:02:02:02:02:02
[  210.391333][ T5947] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  210.477137][ T5947] dvb-usb: bulk message failed: -22 (3/0)
[  210.483016][ T5947] dw2102: command 0x0e transfer failed.
[  210.512220][ T5947] dvb-usb: bulk message failed: -22 (3/0)
[  210.530203][ T5947] dw2102: command 0x0e transfer failed.
[  210.832220][ T6922] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  210.856473][ T5947] dvb-usb: bulk message failed: -22 (3/0)
[  210.863654][ T5947] dw2102: command 0x0e transfer failed.
[  210.864284][ T6922] usb 1-1: USB disconnect, device number 11
[  210.900861][ T5947] dvb-usb: bulk message failed: -22 (3/0)
[  210.953153][ T5947] dw2102: command 0x0e transfer failed.
[  210.982281][ T5947] dvb-usb: bulk message failed: -22 (1/0)
[  211.026590][ T5947] dw2102: command 0x51 transfer failed.
[  211.066039][ T5947] dvb-usb: bulk message failed: -22 (5/0)
[  211.073882][ T5947] dw2102: i2c probe for address 0x68 failed.
[  211.086407][ T5947] dvb-usb: bulk message failed: -22 (5/0)
[  211.098648][ T5947] dw2102: i2c probe for address 0x69 failed.
[  211.111011][ T5947] dvb-usb: bulk message failed: -22 (5/0)
[  211.123373][ T5947] dw2102: i2c probe for address 0x6a failed.
[  211.139223][ T5947] dw2102: probing for demodulator failed. Is the external power switched on?
[  211.155674][ T5947] dvb-usb: no frontend was attached by 'TeVii S662'
[  211.247796][ T5947] rc_core: IR keymap rc-tt-1500 not found
[  211.254023][ T5947] Registered IR keymap rc-empty
[  211.265601][ T5947] rc rc0: TeVii S662 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0
[  211.299519][ T5947] input: TeVii S662 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input29
[  211.336133][ T5947] dvb-usb: schedule remote query interval to 250 msecs.
[  211.370182][ T5947] dw2102: su3000_power_ctrl: 0, initialized 1
[  211.386600][ T5947] dvb-usb: TeVii S662 successfully initialized and connected.
[  211.404172][ T5947] usb 2-1: USB disconnect, device number 12
[  211.480668][ T5947] dvb-usb: TeVii S662 successfully deinitialized and disconnected.
[  211.670168][ T6922] usb 3-1: USB disconnect, device number 18
[  211.796714][ T5947] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  212.076374][ T5947] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  212.114524][ T5947] usb 2-1: config 0 has no interface number 0
[  212.444658][ T5947] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  212.460078][ T7514] bond1: left promiscuous mode
[  212.480334][ T5947] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.493389][ T5947] usb 2-1: config 0 descriptor??
[  212.514423][ T5947] usb 2-1: selecting invalid altsetting 1
[  212.529199][ T5947] dvb_ttusb_budget: ttusb_init_controller: error
[  212.558921][ T5947] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  212.563255][ T7514] bond1: left allmulticast mode
[  212.733646][ T5947] DVB: Unable to find symbol cx22700_attach()
[  212.997484][ T5947] DVB: Unable to find symbol tda10046_attach()
[  213.004060][ T5947] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  213.030656][ T5947] usb 2-1: USB disconnect, device number 13
[  213.116784][ T6922] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  213.328321][ T6922] usb 4-1: Using ep0 maxpacket: 32
[  213.369463][ T6922] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  213.407233][ T6922] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  213.445265][ T6922] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  213.502919][ T6922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.513578][ T7525] binder: BINDER_SET_CONTEXT_MGR already set
[  213.533214][ T7525] binder: 7524:7525 ioctl 4018620d 80000680 returned -16
[  213.549702][ T6922] usb 4-1: config 0 descriptor??
[  213.666465][ T5947] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  213.846860][ T5947] usb 5-1: Using ep0 maxpacket: 32
[  213.856836][ T5947] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[  213.876559][ T5947] usb 5-1: config 0 has no interface number 0
[  213.893427][ T5947] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  213.928642][ T5947] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  213.946155][ T5947] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  213.955711][ T5947] usb 5-1: Product: syz
[  213.964604][ T5947] usb 5-1: Manufacturer: syz
[  213.969559][ T5947] usb 5-1: SerialNumber: syz
[  213.979725][ T5947] usb 5-1: config 0 descriptor??
[  214.013105][ T5947] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  214.025923][ T5947] em28xx 5-1:0.132: Video interface 132 found:
[  214.062015][ T6922] savu 0003:1E7D:2D5A.0003: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[  214.176447][ T6920] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  214.217291][ T7521] binder: 7520:7521 ioctl c00c620f 800001c0 returned -22
[  214.346569][ T6920] usb 2-1: Using ep0 maxpacket: 32
[  214.354486][ T6920] usb 2-1: config 0 has an invalid interface number: 132 but max is 0
[  214.362969][ T6920] usb 2-1: config 0 has no interface number 0
[  214.370312][ T6920] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  214.383805][ T6920] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  214.387027][ T5972] usb 4-1: USB disconnect, device number 15
[  214.402342][ T6920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.413469][ T6920] usb 2-1: Product: syz
[  214.418396][ T6920] usb 2-1: Manufacturer: syz
[  214.423066][ T6920] usb 2-1: SerialNumber: syz
[  214.434583][ T6920] usb 2-1: config 0 descriptor??
[  214.452075][ T5947] em28xx 5-1:0.132: unknown em28xx chip ID (0)
[  214.465668][ T6920] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  214.479448][ T6920] em28xx 2-1:0.132: Video interface 132 found:
[  214.859369][ T6920] em28xx 2-1:0.132: unknown em28xx chip ID (0)
[  215.473817][ T7553] gretap1: entered promiscuous mode
[  215.637389][ T5947] em28xx 5-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  215.671302][ T5947] em28xx 5-1:0.132: board has no eeprom
[  215.681001][ T7523] em28xx 5-1:0.132: failed to trigger read from i2c address 0x0 (error=-5)
[  215.756576][ T5947] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  215.793370][ T7539] FAULT_INJECTION: forcing a failure.
[  215.793370][ T7539] name failslab, interval 1, probability 0, space 0, times 0
[  215.851905][ T5947] em28xx 5-1:0.132: analog set to bulk mode.
[  215.879100][ T7539] CPU: 1 UID: 0 PID: 7539 Comm: syz.1.466 Not tainted syzkaller #0 PREEMPT(full) 
[  215.879132][ T7539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  215.879153][ T7539] Call Trace:
[  215.879162][ T7539]  <TASK>
[  215.879174][ T7539]  dump_stack_lvl+0x189/0x250
[  215.879206][ T7539]  ? __pfx____ratelimit+0x10/0x10
[  215.879231][ T7539]  ? __pfx_dump_stack_lvl+0x10/0x10
[  215.879258][ T7539]  ? __pfx__printk+0x10/0x10
[  215.879297][ T7539]  ? __pfx___might_resched+0x10/0x10
[  215.879317][ T7539]  ? fs_reclaim_acquire+0x7d/0x100
[  215.879344][ T7539]  should_fail_ex+0x414/0x560
[  215.879385][ T7539]  should_failslab+0xa8/0x100
[  215.879420][ T7539]  __kmalloc_noprof+0xcb/0x4f0
[  215.879460][ T7539]  ? __kasan_kmalloc+0x93/0xb0
[  215.879488][ T7539]  ? usb_alloc_urb+0x46/0x150
[  215.879520][ T7539]  usb_alloc_urb+0x46/0x150
[  215.879549][ T7539]  usb_control_msg+0x118/0x3e0
[  215.879586][ T7539]  em28xx_write_regs_req+0x19c/0x3e0
[  215.879626][ T7539]  em2800_i2c_recv_bytes+0x1bb/0x720
[  215.879665][ T7539]  ? __pfx_em2800_i2c_recv_bytes+0x10/0x10
[  215.879700][ T7539]  ? rt_mutex_trylock+0xf8/0x120
[  215.879727][ T7539]  ? em28xx_i2c_xfer+0x140/0x1ba0
[  215.879761][ T7539]  em28xx_i2c_xfer+0x76e/0x1ba0
[  215.879814][ T7539]  ? __pfx_em28xx_i2c_xfer+0x10/0x10
[  215.879852][ T7539]  ? rt_mutex_slowlock+0x3de/0x6e0
[  215.879886][ T7539]  ? rt_mutex_slowlock+0x1c9/0x6e0
[  215.879919][ T7539]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  215.879948][ T7539]  ? __lock_acquire+0xab9/0xd20
[  215.879992][ T7539]  __i2c_transfer+0x871/0x2170
[  215.880024][ T7539]  ? i2c_transfer+0x120/0x3a0
[  215.880054][ T7539]  ? _parse_integer_limit+0x1ae/0x1f0
[  215.880078][ T7539]  ? __pfx___i2c_transfer+0x10/0x10
[  215.880106][ T7539]  ? rt_mutex_lock_nested+0x172/0x1e0
[  215.880149][ T7539]  ? i2c_transfer+0x120/0x3a0
[  215.880181][ T7539]  i2c_transfer+0x25b/0x3a0
[  215.880211][ T7539]  ? __pfx_i2c_transfer+0x10/0x10
[  215.880235][ T7539]  ? get_pid_task+0x20/0x1f0
[  215.880273][ T7539]  i2c_transfer_buffer_flags+0x105/0x190
[  215.880303][ T7539]  ? __pfx_i2c_transfer_buffer_flags+0x10/0x10
[  215.880328][ T7539]  ? common_file_perm+0x1b5/0x230
[  215.880354][ T7539]  ? i2cdev_read+0xe8/0x220
[  215.880383][ T7539]  i2cdev_read+0x10d/0x220
[  215.880406][ T7539]  ? __pfx_i2cdev_read+0x10/0x10
[  215.880431][ T7539]  vfs_read+0x200/0xa30
[  215.880473][ T7539]  ? __pfx_vfs_read+0x10/0x10
[  215.880504][ T7539]  ? __fget_files+0x2a/0x420
[  215.880528][ T7539]  ? __fget_files+0x2a/0x420
[  215.880546][ T7539]  ? __fget_files+0x3a0/0x420
[  215.880565][ T7539]  ? __fget_files+0x2a/0x420
[  215.880595][ T7539]  ksys_read+0x145/0x250
[  215.880629][ T7539]  ? __pfx_ksys_read+0x10/0x10
[  215.880663][ T7539]  ? lockdep_hardirqs_on+0x9c/0x150
[  215.880691][ T7539]  __do_fast_syscall_32+0xb6/0x2b0
[  215.880727][ T7539]  do_fast_syscall_32+0x34/0x80
[  215.880754][ T7539]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  215.880781][ T7539] RIP: 0023:0xf7f66539
[  215.880800][ T7539] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  215.880819][ T7539] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  215.880842][ T7539] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000
[  215.880856][ T7539] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  215.880869][ T7539] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  215.880881][ T7539] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  215.880894][ T7539] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  215.880927][ T7539]  </TASK>
[  215.883963][ T5972] em28xx 5-1:0.132: Registering V4L2 extension
[  216.089006][ T7539] em28xx 5-1:0.132: failed to trigger read from i2c address 0x0 (error=-12)
[  216.326485][ T6920] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  216.335615][ T6920] em28xx 2-1:0.132: board has no eeprom
[  216.357409][ T5947] usb 5-1: USB disconnect, device number 19
[  216.417080][ T6920] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  216.425388][ T5947] em28xx 5-1:0.132: Disconnecting em28xx
[  216.443514][ T6920] em28xx 2-1:0.132: analog set to bulk mode.
[  216.506464][ T6920] usb 2-1: USB disconnect, device number 14
[  216.575053][ T6920] em28xx 2-1:0.132: Disconnecting em28xx
[  217.037581][ T5972] em28xx 5-1:0.132: Config register raw data: 0xffffffed
[  217.039176][ T7564] netlink: 'syz.2.472': attribute type 29 has an invalid length.
[  217.045789][ T5972] em28xx 5-1:0.132: AC97 chip type couldn't be determined
[  217.122704][ T5972] em28xx 5-1:0.132: No AC97 audio processor
[  217.157827][ T7566] netlink: 'syz.2.472': attribute type 29 has an invalid length.
[  217.178680][ T5972] usb 5-1: Decoder not found
[  217.214726][ T5972] em28xx 5-1:0.132: failed to create media graph
[  217.241681][ T7572] FAULT_INJECTION: forcing a failure.
[  217.241681][ T7572] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  217.279476][ T5972] em28xx 5-1:0.132: V4L2 device video103 deregistered
[  217.347136][ T7572] CPU: 0 UID: 0 PID: 7572 Comm: syz.0.473 Not tainted syzkaller #0 PREEMPT(full) 
[  217.347167][ T7572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  217.347181][ T7572] Call Trace:
[  217.347189][ T7572]  <TASK>
[  217.347198][ T7572]  dump_stack_lvl+0x189/0x250
[  217.347231][ T7572]  ? __pfx____ratelimit+0x10/0x10
[  217.347255][ T7572]  ? __pfx_dump_stack_lvl+0x10/0x10
[  217.347281][ T7572]  ? __pfx__printk+0x10/0x10
[  217.347312][ T7572]  ? __might_fault+0xb0/0x130
[  217.347355][ T7572]  should_fail_ex+0x414/0x560
[  217.347392][ T7572]  _copy_from_iter+0x1de/0x1790
[  217.347421][ T7572]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  217.347443][ T7572]  ? policy_nodemask+0x27c/0x720
[  217.347463][ T7572]  ? __pfx__copy_from_iter+0x10/0x10
[  217.347485][ T7572]  ? set_page_refcounted+0xa0/0x1e0
[  217.347506][ T7572]  ? page_copy_sane+0x4e/0x280
[  217.347524][ T7572]  copy_page_from_iter+0xdd/0x170
[  217.347545][ T7572]  tun_get_user+0x1d7b/0x3ea0
[  217.347569][ T7572]  ? tun_get_user+0x6f6/0x3ea0
[  217.347592][ T7572]  ? aa_file_perm+0x44d/0x1550
[  217.347608][ T7572]  ? __pfx_tun_get_user+0x10/0x10
[  217.347624][ T7572]  ? _parse_integer_limit+0x1ae/0x1f0
[  217.347646][ T7572]  ? __lock_acquire+0xab9/0xd20
[  217.347673][ T7572]  ? ref_tracker_alloc+0x318/0x460
[  217.347685][ T7572]  ? __lock_acquire+0xab9/0xd20
[  217.347708][ T7572]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  217.347734][ T7572]  ? tun_get+0x1c/0x2f0
[  217.347760][ T7572]  ? tun_get+0x1c/0x2f0
[  217.347776][ T7572]  ? tun_get+0x1c/0x2f0
[  217.347797][ T7572]  tun_chr_write_iter+0x113/0x200
[  217.347816][ T7572]  vfs_write+0x5c6/0xb30
[  217.347841][ T7572]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  217.347859][ T7572]  ? __pfx_vfs_write+0x10/0x10
[  217.347887][ T7572]  ? __fget_files+0x2a/0x420
[  217.347907][ T7572]  ksys_write+0x145/0x250
[  217.347929][ T7572]  ? __pfx_ksys_write+0x10/0x10
[  217.347952][ T7572]  ? lockdep_hardirqs_on+0x9c/0x150
[  217.347971][ T7572]  __do_fast_syscall_32+0xb6/0x2b0
[  217.347990][ T7572]  ? lockdep_hardirqs_on+0x9c/0x150
[  217.348009][ T7572]  do_fast_syscall_32+0x34/0x80
[  217.348026][ T7572]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  217.348045][ T7572] RIP: 0023:0xf70ee539
[  217.348058][ T7572] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  217.348072][ T7572] RSP: 002b:00000000f549c520 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  217.348088][ T7572] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000080
[  217.348098][ T7572] RDX: 000000000000007a RSI: 00000000f7485ff4 RDI: 0000000000000000
[  217.348107][ T7572] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  217.348116][ T7572] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  217.348125][ T7572] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  217.348145][ T7572]  </TASK>
[  217.689429][ T5972] em28xx 5-1:0.132: Remote control support is not available for this card.
[  217.855629][ T5947] em28xx 5-1:0.132: Closing input extension
[  217.870102][ T6922] em28xx 2-1:0.132: Registering V4L2 extension
[  217.972151][ T5947] em28xx 5-1:0.132: Freeing device
[  218.174276][ T7581] mmap: syz.1.476 (7581) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  218.279376][ T6922] em28xx 2-1:0.132: Config register raw data: 0xffffffed
[  218.286655][ T6922] em28xx 2-1:0.132: AC97 chip type couldn't be determined
[  218.332544][ T7588] netlink: 8 bytes leftover after parsing attributes in process `syz.3.477'.
[  218.348712][ T6922] em28xx 2-1:0.132: No AC97 audio processor
[  218.431328][ T6922] usb 2-1: Decoder not found
[  218.462624][ T6922] em28xx 2-1:0.132: failed to create media graph
[  218.497874][ T6922] em28xx 2-1:0.132: V4L2 device video103 deregistered
[  218.630980][ T6922] em28xx 2-1:0.132: Remote control support is not available for this card.
[  218.676391][ T6920] em28xx 2-1:0.132: Closing input extension
[  218.692794][ T6920] ==================================================================
[  218.701023][ T6920] BUG: KASAN: slab-use-after-free in media_device_unregister+0x141/0x400
[  218.709694][ T6920] Read of size 8 at addr ffff88802f0b0210 by task kworker/0:13/6920
[  218.717777][ T6920] 
[  218.720141][ T6920] CPU: 0 UID: 0 PID: 6920 Comm: kworker/0:13 Not tainted syzkaller #0 PREEMPT(full) 
[  218.720165][ T6920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  218.720177][ T6920] Workqueue: usb_hub_wq hub_event
[  218.720206][ T6920] Call Trace:
[  218.720215][ T6920]  <TASK>
[  218.720222][ T6920]  dump_stack_lvl+0x189/0x250
[  218.720243][ T6920]  ? rcu_is_watching+0x15/0xb0
[  218.720259][ T6920]  ? __kasan_check_byte+0x12/0x40
[  218.720283][ T6920]  ? __pfx_dump_stack_lvl+0x10/0x10
[  218.720301][ T6920]  ? rcu_is_watching+0x15/0xb0
[  218.720317][ T6920]  ? lock_release+0x4b/0x3e0
[  218.720343][ T6920]  ? __virt_addr_valid+0x1c8/0x5c0
[  218.720364][ T6920]  ? __virt_addr_valid+0x4a5/0x5c0
[  218.720387][ T6920]  print_report+0xca/0x240
[  218.720407][ T6920]  ? media_device_unregister+0x141/0x400
[  218.720431][ T6920]  kasan_report+0x118/0x150
[  218.720463][ T6920]  ? media_device_unregister+0x141/0x400
[  218.720490][ T6920]  media_device_unregister+0x141/0x400
[  218.720582][ T6920]  em28xx_release_resources+0xac/0x240
[  218.720613][ T6920]  em28xx_usb_disconnect+0x19f/0x2f0
[  218.720635][ T6920]  usb_unbind_interface+0x26b/0x910
[  218.720662][ T6920]  ? __pfx_usb_unbind_interface+0x10/0x10
[  218.720686][ T6920]  device_release_driver_internal+0x4d6/0x800
[  218.720710][ T6920]  bus_remove_device+0x34d/0x410
[  218.720728][ T6920]  device_del+0x511/0x8e0
[  218.720747][ T6920]  ? kfree+0x18e/0x440
[  218.720768][ T6920]  ? __pfx_device_del+0x10/0x10
[  218.720787][ T6920]  ? kobject_put+0x446/0x480
[  218.720810][ T6920]  usb_disable_device+0x3e9/0x8a0
[  218.720836][ T6920]  usb_disconnect+0x330/0x950
[  218.720859][ T6920]  hub_event+0x1cf5/0x4a20
[  218.720891][ T6920]  ? do_raw_spin_lock+0x121/0x290
[  218.720912][ T6920]  ? register_lock_class+0x51/0x320
[  218.720942][ T6920]  ? __pfx_hub_event+0x10/0x10
[  218.720963][ T6920]  ? process_scheduled_works+0x9ef/0x17b0
[  218.720981][ T6920]  ? _raw_spin_unlock_irq+0x23/0x50
[  218.720996][ T6920]  ? process_scheduled_works+0x9ef/0x17b0
[  218.721010][ T6920]  ? process_scheduled_works+0x9ef/0x17b0
[  218.721026][ T6920]  process_scheduled_works+0xade/0x17b0
[  218.721052][ T6920]  ? __pfx_process_scheduled_works+0x10/0x10
[  218.721074][ T6920]  worker_thread+0x8a0/0xda0
[  218.721100][ T6920]  kthread+0x711/0x8a0
[  218.721120][ T6920]  ? __pfx_worker_thread+0x10/0x10
[  218.721136][ T6920]  ? __pfx_kthread+0x10/0x10
[  218.721156][ T6920]  ? _raw_spin_unlock_irq+0x23/0x50
[  218.721170][ T6920]  ? lockdep_hardirqs_on+0x9c/0x150
[  218.721185][ T6920]  ? __pfx_kthread+0x10/0x10
[  218.721205][ T6920]  ret_from_fork+0x439/0x7d0
[  218.721222][ T6920]  ? __pfx_ret_from_fork+0x10/0x10
[  218.721239][ T6920]  ? __switch_to_asm+0x39/0x70
[  218.721259][ T6920]  ? __switch_to_asm+0x33/0x70
[  218.721279][ T6920]  ? __pfx_kthread+0x10/0x10
[  218.721299][ T6920]  ret_from_fork_asm+0x1a/0x30
[  218.721326][ T6920]  </TASK>
[  218.721332][ T6920] 
[  219.002225][ T6920] Allocated by task 6922:
[  219.006931][ T6920]  kasan_save_track+0x3e/0x80
[  219.011736][ T6920]  __kasan_kmalloc+0x93/0xb0
[  219.016373][ T6920]  __kmalloc_cache_noprof+0x230/0x3d0
[  219.022167][ T6920]  em28xx_v4l2_init+0x10b/0x2e70
[  219.027220][ T6920]  em28xx_init_extension+0x120/0x1c0
[  219.032725][ T6920]  process_scheduled_works+0xade/0x17b0
[  219.038512][ T6920]  worker_thread+0x8a0/0xda0
[  219.043129][ T6920]  kthread+0x711/0x8a0
[  219.047206][ T6920]  ret_from_fork+0x439/0x7d0
[  219.051974][ T6920]  ret_from_fork_asm+0x1a/0x30
[  219.056753][ T6920] 
[  219.059108][ T6920] Freed by task 6922:
[  219.063102][ T6920]  kasan_save_track+0x3e/0x80
[  219.067883][ T6920]  kasan_save_free_info+0x46/0x50
[  219.073018][ T6920]  __kasan_slab_free+0x5b/0x80
[  219.077906][ T6920]  kfree+0x18e/0x440
[  219.081908][ T6920]  em28xx_v4l2_init+0x1683/0x2e70
[  219.087038][ T6920]  em28xx_init_extension+0x120/0x1c0
[  219.092335][ T6920]  process_scheduled_works+0xade/0x17b0
[  219.098320][ T6920]  worker_thread+0x8a0/0xda0
[  219.102919][ T6920]  kthread+0x711/0x8a0
[  219.107084][ T6920]  ret_from_fork+0x439/0x7d0
[  219.111941][ T6920]  ret_from_fork_asm+0x1a/0x30
[  219.116836][ T6920] 
[  219.119173][ T6920] The buggy address belongs to the object at ffff88802f0b0000
[  219.119173][ T6920]  which belongs to the cache kmalloc-8k of size 8192
[  219.133879][ T6920] The buggy address is located 528 bytes inside of
[  219.133879][ T6920]  freed 8192-byte region [ffff88802f0b0000, ffff88802f0b2000)
[  219.147860][ T6920] 
[  219.150196][ T6920] The buggy address belongs to the physical page:
[  219.156793][ T6920] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f0b0
[  219.165753][ T6920] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  219.174431][ T6920] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  219.182444][ T6920] page_type: f5(slab)
[  219.186471][ T6920] raw: 00fff00000000040 ffff88801a442280 ffffea0000c9ce00 dead000000000003
[  219.195149][ T6920] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  219.203742][ T6920] head: 00fff00000000040 ffff88801a442280 ffffea0000c9ce00 dead000000000003
[  219.212950][ T6920] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  219.221845][ T6920] head: 00fff00000000003 ffffea0000bc2c01 00000000ffffffff 00000000ffffffff
[  219.230855][ T6920] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  219.239884][ T6920] page dumped because: kasan: bad access detected
[  219.246429][ T6920] page_owner tracks the page as allocated
[  219.252268][ T6920] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5518, tgid 5518 (S35iptables), ts 57319055327, free_ts 57286149882
[  219.273285][ T6920]  post_alloc_hook+0x240/0x2a0
[  219.278096][ T6920]  get_page_from_freelist+0x21e4/0x22c0
[  219.283772][ T6920]  __alloc_frozen_pages_noprof+0x181/0x370
[  219.289701][ T6920]  alloc_pages_mpol+0x232/0x4a0
[  219.294606][ T6920]  allocate_slab+0x8a/0x370
[  219.299122][ T6920]  ___slab_alloc+0xbeb/0x1420
[  219.303909][ T6920]  __kmalloc_cache_noprof+0x296/0x3d0
[  219.309588][ T6920]  tomoyo_init_log+0x111f/0x1f70
[  219.314577][ T6920]  tomoyo_supervisor+0x340/0x1480
[  219.319631][ T6920]  tomoyo_env_perm+0x149/0x1e0
[  219.324436][ T6920]  tomoyo_find_next_domain+0x15cf/0x1aa0
[  219.330351][ T6920]  tomoyo_bprm_check_security+0x11c/0x180
[  219.336254][ T6920]  security_bprm_check+0x89/0x270
[  219.341332][ T6920]  bprm_execve+0x8ee/0x1450
[  219.345863][ T6920]  do_execveat_common+0x510/0x6a0
[  219.350913][ T6920]  __x64_sys_execve+0x94/0xb0
[  219.358251][ T6920] page last free pid 5517 tgid 5517 stack trace:
[  219.364860][ T6920]  __free_frozen_pages+0xbc4/0xd30
[  219.370189][ T6920]  __put_partials+0x156/0x1a0
[  219.375078][ T6920]  put_cpu_partial+0x17c/0x250
[  219.379953][ T6920]  __slab_free+0x2d5/0x3c0
[  219.384586][ T6920]  qlist_free_all+0x97/0x140
[  219.389231][ T6920]  kasan_quarantine_reduce+0x148/0x160
[  219.394719][ T6920]  __kasan_slab_alloc+0x22/0x80
[  219.399629][ T6920]  __kmalloc_cache_noprof+0x1be/0x3d0
[  219.405032][ T6920]  tomoyo_init_log+0x183/0x1f70
[  219.409907][ T6920]  tomoyo_supervisor+0x340/0x1480
[  219.416368][ T6920]  tomoyo_path_permission+0x25a/0x380
[  219.421883][ T6920]  tomoyo_path_perm+0x392/0x4b0
[  219.426771][ T6920]  security_inode_getattr+0x12f/0x330
[  219.432241][ T6920]  __x64_sys_newfstat+0xfc/0x200
[  219.437184][ T6920]  do_syscall_64+0xfa/0x3b0
[  219.441790][ T6920]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.447686][ T6920] 
[  219.450022][ T6920] Memory state around the buggy address:
[  219.455737][ T6920]  ffff88802f0b0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  219.464680][ T6920]  ffff88802f0b0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  219.472873][ T6920] >ffff88802f0b0200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  219.481125][ T6920]                          ^
[  219.485827][ T6920]  ffff88802f0b0280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  219.494064][ T6920]  ffff88802f0b0300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  219.502312][ T6920] ==================================================================
[  219.780411][ T7603] input: syz0 as /devices/virtual/input/input30
[  219.838077][ T7604] netlink: 'syz.1.480': attribute type 21 has an invalid length.
[  220.376740][ T6920] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  220.384070][ T6920] CPU: 0 UID: 0 PID: 6920 Comm: kworker/0:13 Not tainted syzkaller #0 PREEMPT(full) 
[  220.393655][ T6920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  220.403818][ T6920] Workqueue: usb_hub_wq hub_event
[  220.408874][ T6920] Call Trace:
[  220.412164][ T6920]  <TASK>
[  220.415103][ T6920]  dump_stack_lvl+0x99/0x250
[  220.419738][ T6920]  ? __asan_memcpy+0x40/0x70
[  220.424440][ T6920]  ? __pfx_dump_stack_lvl+0x10/0x10
[  220.429653][ T6920]  ? __pfx__printk+0x10/0x10
[  220.434266][ T6920]  vpanic+0x281/0x750
[  220.438263][ T6920]  ? preempt_schedule+0xae/0xc0
[  220.443134][ T6920]  ? __pfx_vpanic+0x10/0x10
[  220.447657][ T6920]  ? preempt_schedule_common+0x83/0xd0
[  220.453135][ T6920]  ? preempt_schedule+0xae/0xc0
[  220.458189][ T6920]  ? __pfx_preempt_schedule+0x10/0x10
[  220.463580][ T6920]  panic+0xb9/0xc0
[  220.467341][ T6920]  ? __pfx_panic+0x10/0x10
[  220.471884][ T6920]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  220.477883][ T6920]  ? media_device_unregister+0x141/0x400
[  220.483528][ T6920]  check_panic_on_warn+0x89/0xb0
[  220.488502][ T6920]  ? media_device_unregister+0x141/0x400
[  220.494160][ T6920]  end_report+0x78/0x160
[  220.498460][ T6920]  kasan_report+0x129/0x150
[  220.503455][ T6920]  ? media_device_unregister+0x141/0x400
[  220.509137][ T6920]  media_device_unregister+0x141/0x400
[  220.514658][ T6920]  em28xx_release_resources+0xac/0x240
[  220.520318][ T6920]  em28xx_usb_disconnect+0x19f/0x2f0
[  220.525738][ T6920]  usb_unbind_interface+0x26b/0x910
[  220.531059][ T6920]  ? __pfx_usb_unbind_interface+0x10/0x10
[  220.536797][ T6920]  device_release_driver_internal+0x4d6/0x800
[  220.542882][ T6920]  bus_remove_device+0x34d/0x410
[  220.547845][ T6920]  device_del+0x511/0x8e0
[  220.552181][ T6920]  ? kfree+0x18e/0x440
[  220.556264][ T6920]  ? __pfx_device_del+0x10/0x10
[  220.561136][ T6920]  ? kobject_put+0x446/0x480
[  220.565775][ T6920]  usb_disable_device+0x3e9/0x8a0
[  220.570916][ T6920]  usb_disconnect+0x330/0x950
[  220.575724][ T6920]  hub_event+0x1cf5/0x4a20
[  220.580189][ T6920]  ? do_raw_spin_lock+0x121/0x290
[  220.585225][ T6920]  ? register_lock_class+0x51/0x320
[  220.590444][ T6920]  ? __pfx_hub_event+0x10/0x10
[  220.595319][ T6920]  ? process_scheduled_works+0x9ef/0x17b0
[  220.601154][ T6920]  ? _raw_spin_unlock_irq+0x23/0x50
[  220.606415][ T6920]  ? process_scheduled_works+0x9ef/0x17b0
[  220.612173][ T6920]  ? process_scheduled_works+0x9ef/0x17b0
[  220.617918][ T6920]  process_scheduled_works+0xade/0x17b0
[  220.623585][ T6920]  ? __pfx_process_scheduled_works+0x10/0x10
[  220.629585][ T6920]  worker_thread+0x8a0/0xda0
[  220.634435][ T6920]  kthread+0x711/0x8a0
[  220.638640][ T6920]  ? __pfx_worker_thread+0x10/0x10
[  220.643775][ T6920]  ? __pfx_kthread+0x10/0x10
[  220.648385][ T6920]  ? _raw_spin_unlock_irq+0x23/0x50
[  220.653593][ T6920]  ? lockdep_hardirqs_on+0x9c/0x150
[  220.658800][ T6920]  ? __pfx_kthread+0x10/0x10
[  220.663413][ T6920]  ret_from_fork+0x439/0x7d0
[  220.668018][ T6920]  ? __pfx_ret_from_fork+0x10/0x10
[  220.673147][ T6920]  ? __switch_to_asm+0x39/0x70
[  220.677939][ T6920]  ? __switch_to_asm+0x33/0x70
[  220.682713][ T6920]  ? __pfx_kthread+0x10/0x10
[  220.687399][ T6920]  ret_from_fork_asm+0x1a/0x30
[  220.692181][ T6920]  </TASK>
[  220.695573][ T6920] Kernel Offset: disabled
[  220.699909][ T6920] Rebooting in 86400 seconds..